Forum Discussion
Ivan_Chernenkii
Apr 30, 2020Employee
Hello,
What version of BIG-IP do you use and what type of login page do you configure in policy for BF?
In general, URL must become qualified for challenge injection after about 10 valid request to it.
Also, make sure that brute force prevention with CPATCHA doesn't overlapping some other criteria - if you configure several BF preventions, then it is possible that block happens by some other criteria, which becomes valid before CAPTCHA
Thanks, Ivan