Sanal_Babu
Mar 20, 2019

Brute force Outlook mail

We have brute force enabled for the Exchange login URL, and a few users who have multiple mail accounts configured on a single device are getting blocked with "Brute Force: Maximum login attempts are exceeded". As per my understanding, ASM Brute Force is only looking for failed login attempts against the configured URL. But the user account is valid and using the right credentials. How is F5 tracking it as failed logins?

 

BF settings:

Detection Period: 60 Minutes
Maximum Prevention Duration: 60 Minutes
Username Trigger: After 10 failed login attempts
Action: Alarm and Captcha

 

A user who has 3 mailboxes configured on a single device is having trouble since the connections are initiating from a single IP address.

Any thoughts?

 

1 Reply

  • yuova

    Hello,

    Can you please share the configuration? It doesn't work for me for OWA.

    I put the authentication login as "[HTTPS] POST /owa/auth.owa".