Forum Discussion

Cirrostratus

May 19, 2014

OWA bruteforce protection with ASM

Hi, Have you ever tried to protect MS Outlook Web Access login page with ASM? I'm trying to set up brute force protection but don't have any luck. I made a login page with the following param...

Cirrostratus

May 20, 2014

I've found that if I change the value of "Login Attempts From The Same Client" parameter to 1 I will have my OWA login page blocked after 3-4 of log in attempts.

And in this case Event Viewer shows the following violation:

Brute Force: Maximum login attempts are exceeded
Number of Login Attempts    1

But again I made 3-4 attempts.

As I can see such behaviour is not a BIG-IP issue but characteristic of OWA login procedure.

That's why I'm asking for a best practice for this kind of task.

Or all I need just use APM in this case?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

OWA bruteforce protection with ASM

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

Managing NGINX App Protect WAF for Beginners

Cookie-based DDoS protection

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS