disable autocomplete when user login to APM logon page
Hi, for quite some time, I've been trying to figure out how to disable the option to save and auto-complete user credentials for those who log in to the APM login page. I've seen some articles on Stack Overflow and such, and this option is somewhat of a mystery, as I see it. From what I've read, the way to do it is to modify the logon.inc file in the APM itself and ensure that there is a line "autocomplete='off'." I've checked the file myself, and all seems fine as described, but still, when I try to log in to a webtop, the option to save my username and password is still popping up. Any tips on the matter? Is it still possible? By the way, we are running version 16.1.3.3.
Vulnerabilities on Configuration utility login page.
Hi everyone I've perform pen-testing and found vulnerabilities on Configuration utility login page like this. 1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.) 2.) HTTP packet inspection. It's show HTTP protocol version used, whether HTTP Keep-Alive and HTTP pipelining are enabled from Configuration utility login page. Can we mitigate these two issue? ps. about (1) I think it's due to header F5-Login-Page but didn't know how to remove this header. about (2) Not sure how to fix this. Might have to perform packet filter IP on httpd services. thank you
ASM JSON login page
Hi, Trying to configure a JSON login page in ASM. The page first asks for the username and only then for the password. 1) When configuring JSON login in ASM, you must supply both the parameters( username and password), how can I configure only one? 2) In case I'ts possible to configure only one parameter, what is the best approach in this case? to configure 2 different login pages, each with one parameter( 1) password , 2)user)? Thanks, Alex
APM login page and DataSafe - why not working?
Hi, I followed instructions in Lock Down Your Login as well as watched referenced video but no ALG is performed when accessing APM standard login page (after redirect to /my.policy). I am sure DataSafe is working as I can see encryption and other functions working when accessing different sites. Is there something special that has to be configured to enable APM login page protection? I am using 13.1.06 VE for that. PiotrAPM login page and DataSafe - why not working?
Hi, I followed instructions in Lock Down Your Login as well as watched referenced video but no ALG is performed when accessing APM standard login page (after redirect to /my.policy). I am sure DataSafe is working as I can see encryption and other functions working when accessing different sites. Is there something special that has to be configured to enable APM login page protection? I am using 13.1.06 VE for that. Piotr
