Forum Discussion

Altostratus

Oct 28, 2024

Implementing Multi-Step Authentication with Separate Brute-Force Protections

Hello, Our application has a complex authentication process. When a user enters their email and password, we first verify the email by calling a URL to check if it exists in the database. If the ema...

application delivery

secuirty

Aswin_mk

MVP

Nov 02, 2024

Hello

Is the application hosted in F5 ApM profile and where u enabled the protection profiles?

Aswin

Hamza_derbali

Altostratus

Jun 26, 2025

Hello Aswin_mk ,

Thanks for your response.

The application vs is behind APM portal and the protection (ASM policy) is enabled on that VS.

BR,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Implementing Multi-Step Authentication with Separate Brute-Force Protections

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Why I could not post a comment

Priority Group Activation is not working

F5 Config - API Access on servers

iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed

F5 Device Management Certificate renewal

Related Content

SSH Brute Force Protection with SSH Proxy

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS