cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

JSON elements for login page

Maksym
Nimbostratus
Nimbostratus

Hello team! I need to configure login page for brute-force protection of application.

 

It was easy for a web browser because the HTML form is easy to configure and works well.

 

But the authentication type for the mobile app is JSON / AJAX. I'm facing a problem: I'm unable to select the correct values for the username and password JSON elements from the entire server response. Should I use <map>, <string> and other tags in these fields, or should I only use keywords? I only found one example using JSON / AJAX authentication https://clouddocs.f5.com/training/community/waf/html/waf241/module4-login-protect/lab1/lab1.html, without any tags, but this example doesn't work in our environment.

 

Thanks!

1 REPLY 1

Maksym
Nimbostratus
Nimbostratus

For example, after trying to sign in from a mobile app with incorrect credentials, ASM received a large request. I found the password I entered, in the following context:

 

<string>password</string><string>value</string><string>Igxiguodufjffuu</string>

 

Which part of this line should we insert into the Password field? Same question about the the login field.

 

0691T00000Dz54MQAR.png