APM Sharepoint authentication
Published Apr 20, 2016
Version 1.0
Hi Kai,
[ACCESS::user getsid $user_key] is only used when another session is already authenticated, so the user first provided the right login / password.
For subsequent requests with the same login / password, there is no need to check whether the password is wrong with lockout prevention. The password was right during the first logon, so the password is used to build the fingerprint.
I understand that brute force prevention may be the next security part for the iRule allowing basic auth, as APM disables brute force prevention with min / max failure delay.
To enable min / max failure delay, I can add the following code before ACCESS::respond in the ACCESS_POLICY_COMPLETED event:
set min "[PROFILE::access min_failure_delay]000"
set max "[PROFILE::access max_failure_delay]000"
after [expr {int(rand() * ($max + 1 - $min)) + $min}]
ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"$static::Basic_Realm_Text\"" Connection close
unset min max