For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

saidshow's avatar
saidshow
Icon for Cirrus rankCirrus
Apr 28, 2020

No CAPTCHA - URL is not yet qualified for challenge injection

Hi,   I am setting up Brute Force protection in ASM and have noted that I can get this drop traffic and alert, but when attempting to show the CAPTCHA, I only get the blocking page we have config...
ASM Advanced WAF
Brute
captcha
injection
javascript
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
May 05, 2020

Before brute force mitigation will be applied, ASM must see at least 10 responses in 5 minutes from the back-end application with a Content-Type header of text/html and a response code of 200. If you run this TMSH command you should see the list of all Qualified URLS: <tmsh list sys db dosl7.cs_qualified_urls> 

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Dec 30, 2023

    I needed to qualify urls also for captcha and from my tests the variable works but it is for manually to add urls as dynamicly added qualified urls will not be seen in this variable as they are probably saved in memory.