Hamza_derbali
Oct 28, 2024

Implementing Multi-Step Authentication with Separate Brute-Force Protections

Hello,

Our application has a complex authentication process. When a user enters their email and password, we first verify the email by calling a URL to check if it exists in the database. If the email doesn’t exist, the authentication process stops there, and the password isn’t checked. If the email exists, we proceed to the second step, where the application calls a different URL to verify both the email and password.

To manage this flow, I decided to use two separate login pages, each with its own brute-force attack prevention. I’ve successfully implemented the second login page (with two parameters), but I’m currently stuck on the first login page, as it only requires a single parameter.

First step:

Any help would be appreciated.

Thank you.
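The two-step flow described in the post, modelled as an added example (not part of the original post, and not F5 ASM configuration): each step gets its own failure counter. Step one has no valid account to key on, so it counts per source IP, while step two counts per email. The thresholds, window, and event tuple layout are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds; assumed value
STEP1_MAX = 5    # failed email lookups allowed per source IP; assumed value
STEP2_MAX = 3    # failed password checks allowed per email; assumed value


class StepLimiter:
    """Sliding-window failure counter for one authentication step."""

    def __init__(self, max_failures, window=WINDOW):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # key -> failure timestamps

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop expired failures
            q.popleft()
        return q

    def blocked(self, key, now):
        return len(self._recent(key, now)) >= self.max_failures

    def record_failure(self, key, now):
        self._recent(key, now).append(now)


def replay(events):
    """events: (ts, ip, step, email, ok) tuples -> 'ok'/'fail'/'blocked' each."""
    step1 = StepLimiter(STEP1_MAX)  # email-exists check, keyed by source IP
    step2 = StepLimiter(STEP2_MAX)  # email+password check, keyed by email
    verdicts = []
    for ts, ip, step, email, ok in events:
        # A step-1 failure means the email is unknown, so only the IP identifies it.
        limiter, key = (step1, ip) if step == 1 else (step2, email.lower())
        if limiter.blocked(key, ts):
            verdicts.append("blocked")
        elif ok:
            verdicts.append("ok")
        else:
            limiter.record_failure(key, ts)
            verdicts.append("fail")
    return verdicts


# Constructed sample: one IP guessing emails, then password guessing on one account.
SAMPLE = (
    [(t, "198.51.100.7", 1, f"user{t}@example.com", False) for t in range(6)]
    + [(10 + t, f"203.0.113.{t}", 2, "alice@example.com", False) for t in range(4)]
    + [(20, "203.0.113.9", 1, "alice@example.com", True)]
)
```

Replaying `SAMPLE` shows that exhausting the step-two limit for one email leaves the step-one counter for other clients untouched.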

2 Replies

  • Hello

    Is the application hosted in an F5 APM profile, and where have you enabled the protection profiles?

    Br

    Aswin 

    • Hamza_derbali

      Hello Aswin_mk,

      Thanks for your response.


      The application VS is behind the APM portal, and the protection (ASM policy) is enabled on that VS.

      BR,