Removing F5 Leaked Credential Check (LCC) config from BIG-IP AWAF

The below provide a guideline to remove the F5 Leaked Credentials Check (LCC) configuration.

Leaked Credential Check

The F5 Leaked Credential Check feature is configured as an add-on service to F5 BIG-IP Advanced WAF.  

  • On the Main tab, click Security > Application Security > Security Policies.
  • You need to do the following for every policy with configured Leaked Credential Check 
    • Select the security policy you want to work on. Select Advanced Protection > Brute Force  Prevention on the left side of the screen.
  •  Click on every login page in the list and do the following:
    • In the Leaked Credentials Detection section, disable Detection.
  •  In the Distributed Brute Force Protection section, for Detect Credential Stuffing Attack, select Never.

Cloud Service removal 

In the Distributed Cloud Services ›› Cloud Services: Cloud Security Services Applications, select your custom f5-credential-stuffing-cloud-app and press delete. 

If you have added a load balancer, a route, gateway etc. to enable this service and these are not needed anymore, please remove these as well.


In the Application Security: Policy Building: Learning and Blocking Settings, remove the alarm and block from the Leaked Credentials Detection violation.

Published Jun 20, 2024
Version 1.0

Was this article helpful?

No CommentsBe the first to comment