Forum Discussion

Maksym's avatar
Maksym
Icon for Nimbostratus rankNimbostratus
Aug 27, 2021

JSON elements for login page

Hello team! I need to configure login page for brute-force protection of application.

 

It was easy for a web browser because the HTML form is easy to configure and works well.

 

But the authentication type for the mobile app is JSON / AJAX. I'm facing a problem: I'm unable to select the correct values for the username and password JSON elements from the entire server response. Should I use <map>, <string> and other tags in these fields, or should I only use keywords? I only found one example using JSON / AJAX authentication https://clouddocs.f5.com/training/community/waf/html/waf241/module4-login-protect/lab1/lab1.html, without any tags, but this example doesn't work in our environment.

 

Thanks!

1 Reply

  • Maksym's avatar
    Maksym
    Icon for Nimbostratus rankNimbostratus

    For example, after trying to sign in from a mobile app with incorrect credentials, ASM received a large request. I found the password I entered, in the following context:

     

    <string>password</string><string>value</string><string>Igxiguodufjffuu</string>

     

    Which part of this line should we insert into the Password field? Same question about the the login field.