F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

saidshow's avatar
saidshow
Icon for Cirrus rankCirrus
Apr 27, 2020

No CAPTCHA - URL is not yet qualified for challenge injection

Hi,   I am setting up Brute Force protection in ASM and have noted that I can get this drop traffic and alert, but when attempting to show the CAPTCHA, I only get the blocking page we have config...
ASM Advanced WAF
Brute
captcha
injection
javascript
security
Ivan_Chernenkii's avatar
Ivan_Chernenkii
Icon for Employee rankEmployee
Apr 30, 2020

Hello,

 

What version of BIG-IP do you use and what type of login page do you configure in policy for BF?

In general, URL must become qualified for challenge injection after about 10 valid request to it.

Also, make sure that brute force prevention with CPATCHA doesn't overlapping some other criteria - if you configure several BF preventions, then it is possible that block happens by some other criteria, which becomes valid before CAPTCHA

 

Thanks, Ivan