Forum Discussion

Nimbostratus

Nov 09, 2010

Replay Attack prevention for HTTP Post of Auth details

Hi, I have an application (let's call it website 1) which users log into using a username and password. Once logged in the app sends back a simple landing page with some links, and in hidden fields it...

Nimbostratus

Nov 10, 2010

Hi,

Best assume the username and password are buried in the middle of the payload (and this location will probably change over time if app developers mess around with the page) but they will be in hidden fields so they should be adjacent to specified field names, as opposed to being randomly scattered in the page.

The POST should be one time, so an iRule for one time token submission would be ideal but i couldn't find one.

thanks

Carl

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Replay Attack prevention for HTTP Post of Auth details

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

ASN Details

APM-DHCP Access Policy Example and Detailed Instructions

Operationlizing Online Fraud Detection, Prevention, and Response

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

F5 ASM/AWAF Preventing unauthorized users accessing admin path using iRule script

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS