Forum Discussion

Cirrus

Apr 28, 2020

No CAPTCHA - URL is not yet qualified for challenge injection

Hi, I am setting up Brute Force protection in ASM and have noted that I can get this drop traffic and alert, but when attempting to show the CAPTCHA, I only get the blocking page we have config...

Employee

Before brute force mitigation will be applied, ASM must see at least 10 responses in 5 minutes from the back-end application with a Content-Type header of text/html and a response code of 200. If you run this TMSH command you should see the list of all Qualified URLS: <tmsh list sys db dosl7.cs_qualified_urls>

Nikoolayy1

MVP

Dec 30, 2023

I needed to qualify urls also for captcha and from my tests the variable works but it is for manually to add urls as dynamicly added qualified urls will not be seen in this variable as they are probably saved in memory.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

No CAPTCHA - URL is not yet qualified for challenge injection

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Use Fully Qualified Domain Name (FQDN) for GSLB Pool Member with F5 DNS

WAF evasion techniques for Command Injection

AI Security : Prompt Injection and Insecure Output Handling.

Serverside SNI injection iRule

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS