AWAF Brute Force protection not working for HTML Web application

Question

Hi Team,I have configured login page and Brute force protection for my web application but it is not working:The content-type of the request is Content-Type: application/x-www-form-urlencodedbelow is the configuration of Login page with HTML form authentication type:this is the inspection result of the login page:We need your support please.&nbsp;Thanks,Ahmed&nbsp;

mohamed_salah_ · Answer

Hello Ahmed,Please make sure that the brute force settings in the learning and blocking settings is enabled, (blocked).and modify the brute force profile and select the login page created in the ASM policy inside the brute force protection. if you have finished these steps, you can start changing the login condition:for example try expected status code "302" as the response was 302.or unexpected status code, for example "200"Or unexpected string in the response and check for a string that shows when you login with wrong credntials, for example "login failed".All of these results (expected and unexpected) can be found in the developer tool inside the response and headers tab.&nbsp;

Forum Discussion

AWAF Brute Force protection not working for HTML Web application

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Protect multi-cloud and Edge Generative AI applications with F5 Distributed Cloud

Community Learning Path: Web Application and API Protection (WAAP)

Protect an application exposed on Internet with F5 XC WAAP

Protect Applications from Spring4Shell. (CVE-2022-22965)

Protect your Mobile Applications with F5 Distributed Cloud Bot Defense