ASM brute force configuration for Exchange EWS

Question

Hello,&nbsp;We want to configure brute force protection on the exchange ews login page https://abc.com/ews/exchange.asmx.&nbsp;When we use in authentication-type HTML and parameters (username&amp;password) in login url, username is not detected and when we test protection it's not working. And it is the same with when we use authentication-type NTLM in the login url, username is not detected and protection is not working.&nbsp;Need help to configure it.&nbsp;Thanks.

boneyard · Answer

how do you determine it is not working?&nbsp;when you normally go to the page do you get a logon page or just NTLM or HTTP Basic single sign on?&nbsp;you do SSL offloading if that is required?&nbsp;which TMOS version? not 11.6 by chance? https://support.f5.com/csp/article/K05113177

Forum Discussion

ASM brute force configuration for Exchange EWS

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Brute Force protection for single parameter like OTP

ASM or AWAF Exchange 2019 OWA Protection against Brute force Attacks!

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

HTTP Brute Force Mitigation Playbook: Overview - Chapter 1

iRule for Brute Force Password Guessing Attacks