AWAF version 15.1.8.1 does not support Brute Force as one of the attacks for Delayed Blocking

Wasfi_Bounni · ‎18-Sep-2023

Hi;

With Delayed Blocking, one of the attacks in the list of attacks that can be associated with delayed blocking is "Brute Force, maximum login attemps are exceeded"

For some reason, I cannot find this attack type in the list and I know it used to be there in previous versions of TMOS.

Kindly

Wasfi

Wasfi_Bounni · ‎24-Sep-2023

I found out from F5 that this feature has been discontinued. It used to be there in versions 11 and 12.

View solution in original post

whisperer · ‎18-Sep-2023

Thought this was an option for application security access session tracking (APM) and preventing session hijacking and tracking user sessions (ASM).

F5_Design_Engineer · ‎19-Sep-2023

Hi Wasfi,

Can you please check it here

ASM is going to check the failed login attempts here:

Please check the below link for more detail:

https://clouddocs.f5.com/training/community/waf/html/waf341/module1/lab1/lab1.html

Wasfi_Bounni · ‎21-Sep-2023

The issue is that "Brute Force: Maximum Logins exceeded" is not there as an option as one of the associated violations for delayed blocking under sessions and logins. Although all other violations are in the available list.

Wasfi_Bounni · ‎24-Sep-2023

I found out from F5 that this feature has been discontinued. It used to be there in versions 11 and 12.

DevCentral

AWAF version 15.1.8.1 does not support Brute Force as one of the attacks for Delayed Blocking

MFA required on DevCentral