cancel
Showing results for 
Search instead for 
Did you mean: 
Viv_Richards
Cirrostratus
Cirrostratus

Brute Force Protection for single parameter

This can be achieved with the help of ASM Data Guard & Session tracking

1. Log all request & response to record valid OTP request & invalid OTP request/response. This is just to record request & response. After recording request & response, you should remove Log All request profile from virtual server.  
2. From invalid OTP response, identify unique response
For eg - FAILED or Mobile number not registered
3. Configure this unique response in Data Guard Custom pattern so that firewall will track session based on that

4. Configure URL which sends OTP parameter at Data Guard Protection Enforcement Enforced URLs

Viv_Richards_0-1657172748869.png

5. Now go to session tracking, Enable Session Awareness, Track Violations and Perform Actions, mention violation detection period 60 seconds. you can change this time as per recommendation by your security team
6. In session tracking, go to Delay Blocking , enable Session threshold to 3 violation. It means 3 violations in 60 seconds will be ignored or 3 violations in 60 seconds will not be blocked
7. Enable IP Address threshold to 20 , it means if any IP will be blocked after 20 violations
8. In Associated Violations, Select Data Guard:Information leakage detected

Viv_Richards_1-1657172878879.png

 

 

Comments
Erik_Novak
F5 Employee
F5 Employee

Nice work. Don't forget to check Learning and Blocking settings for Data Guard.