Forum Discussion

Cirrus

Apr 28, 2020

No CAPTCHA - URL is not yet qualified for challenge injection

Hi, I am setting up Brute Force protection in ASM and have noted that I can get this drop traffic and alert, but when attempting to show the CAPTCHA, I only get the blocking page we have config...

Employee

Apr 30, 2020

Hello,

What version of BIG-IP do you use and what type of login page do you configure in policy for BF?

In general, URL must become qualified for challenge injection after about 10 valid request to it.

Also, make sure that brute force prevention with CPATCHA doesn't overlapping some other criteria - if you configure several BF preventions, then it is possible that block happens by some other criteria, which becomes valid before CAPTCHA

Thanks, Ivan

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

No CAPTCHA - URL is not yet qualified for challenge injection

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Floating IP responds from wrong VLAN/trunk

Webtop which has VNC for macos users

AST Configuration Assistance

expandsSubcollections and filtering in F5 SDK

F5 i-series Guests to r-series tenants migration

Related Content

Breaking Down the Quantum Challenge: Why Post-Quantum Cryptography Can't Wait

WAF evasion techniques for Command Injection

BIG-IP Next for Kubernetes, addressing today’s enterprise challenges

Mobile Security: Current Challenges & A Vision For The Future

Meeting the Federal Quantum Challenge: How F5 Enables Compliance with New Government Mandates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS