AltostratusSlowdown of login attempts on APM SSLVPN
Hello experts,
I have a question about slowing down failed logins from automated sources
Version: 16.1.4.1.0.50
Using APM for SSLVPN and LTM
Problem:
We have lots of attempts to "door knock" the VPN by trying random usernames - "admin" "chris", etc. So far we have blocked by country, but as it is only a blacklist we need to constantly update it and it's not a sustainable or clever solution.
I know there are options for login slowdown on other WAF solutions and would like to see if what the options are on F5. By that I mean if a source IP address tries, say 3 times to login and fails every time then they have to wait 30 seconds, then if they try another 3 times they have to wait twice as long, 60 seconds. In this way we can slow down the login attempts as they mostly come repeatedly from the same IP addresses.
At the moment we don't use ASM/AWAF, although I think it is an option according to the licence information:
Best Bundle, VE-200M(Perpetual)
...
ASM, VE
...
Is there an APM feature to acheive this? That would obviously be the easiest.
If ASM is needed, what is the simplest ASM option?
Many thanks,
Peter
Hello Peter,
You can try use the Captcha option under the Authentication features. I think that is help you to decrease the attempts, or block if the user is using same script.
https://my.f5.com/manage/s/article/K51200002
Good luck.
