Forum Discussion

Cirrus

Apr 28, 2020

No CAPTCHA - URL is not yet qualified for challenge injection

Hi, I am setting up Brute Force protection in ASM and have noted that I can get this drop traffic and alert, but when attempting to show the CAPTCHA, I only get the blocking page we have config...

Employee

Apr 30, 2020

Hello,

What version of BIG-IP do you use and what type of login page do you configure in policy for BF?

In general, URL must become qualified for challenge injection after about 10 valid request to it.

Also, make sure that brute force prevention with CPATCHA doesn't overlapping some other criteria - if you configure several BF preventions, then it is possible that block happens by some other criteria, which becomes valid before CAPTCHA

Thanks, Ivan

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

No CAPTCHA - URL is not yet qualified for challenge injection

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Use Fully Qualified Domain Name (FQDN) for GSLB Pool Member with F5 DNS

WAF evasion techniques for Command Injection

AI Security : Prompt Injection and Insecure Output Handling.

Serverside SNI injection iRule

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS