Canan_374222
Mar 19, 2019Nimbostratus
User gets blocking page instead of captcha during brute force attack
Hello everyone, I want to mitigate brute force captcha to Exchance OWA. However, user gets blocking page instead of captcha during brute force attack. Although I created brute force protection configuration as alarm and captcha mitigation, in the blocked request, I see that the reason for blocking page is brute force attack with alarm and blocking page mitigation. Have you encountered the same problem before or does anyone know what should be done in that case?
Some informations about my policy are listed below:
- Brute force is configured with alarm and captcha mitigation.
- The only source configured is username.
- My login page is /owa/auth.owa.
- Authentication Type is HTML Form.
- Username Parameter Name is username and Password Parameter Name is password.
- Expected HTTP response status code is 302.
- F5 version is 14.0.0.2
- My security policy is created with Exchance 2016 template.
Best regards, Canan