Implementing Multi-Step Authentication with Separate Brute-Force Protections

Question

Hello,Our application has a complex authentication process. When a user enters their email and password, we first verify the email by calling a URL to check if it exists in the database. If the email doesn’t exist, the authentication process stops there, and the password isn’t checked. If the email exists, we proceed to the second step, where the application calls a different URL to verify both the email and password.To manage this flow, I decided to use two separate login pages, each with its own brute-force attack prevention. I’ve successfully implemented the second login page (with two parameters), but I’m currently stuck on the first login page, as it only requires a single parameter.First step :&nbsp;any help would be appreciatedThank you.

aswin_mk · Answer

Hello&nbsp;Is the application hosted in F5 ApM profile and where u enabled the protection profiles?&nbsp;BrAswin&nbsp;

Forum Discussion

Implementing Multi-Step Authentication with Separate Brute-Force Protections

Recent Discussions

Implementing Multi-Step Authentication with Separate Brute-Force Protections

IMAP-S External Health monitor

Can BIG-IP DNS recursion only my domain?

Resolving DNS, and dynamically selecting pool

iRule URI rewrites don't always use the correct pool

Related Content

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

HTTP Brute Force Mitigation Playbook: Overview - Chapter 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS