Captcha is being displayed for successfull login attempts as well when brute force mitigation is set in f5 asm
one of my user is logging ina nd logging out 3 times successfully, but when he is tryign to login 4th time, he is given captcha, but brute force is setup for only failed attempts as i understand, can anyone help here ?
It seems like there might be some misconfiguration with the F5 ASM (Application Security Manager) settings. Normally, F5 ASM is designed to display a CAPTCHA challenge only after a certain number of consecutive failed login attempts, which is the default behavior for brute force mitigation.
However, in your case, the CAPTCHA challenge is being displayed even for successful login attempts. This could be due to misconfiguration or an issue with the F5 ASM configuration.
Here are some potential steps you can take to troubleshoot and resolve the issue:
Check the ASM configuration: Ensure that the ASM configuration is set to trigger CAPTCHA only after a certain number of failed login attempts. Double-check that the configuration settings are correct and there are no typos or other errors.
Check the ASM logs: Review the ASM logs to see if there are any errors or issues that might be causing the CAPTCHA challenge to appear after successful login attempts.
Check for other security measures: Check if there are any other security measures in place that might be causing the CAPTCHA challenge to appear, such as a firewall or antivirus software.
Contact F5 support: If you're still unable to resolve the issue, contact F5 support for further assistance. They can provide guidance and help troubleshoot the problem.
Overall, the issue could be caused by a misconfiguration in the ASM settings, an issue with the logs, or some other security measure. By following the steps above, you should be able to troubleshoot and resolve the problem.