Forum Discussion
Jan 22, 2020
Hello Omar.
You need to configure Brute Force Protection.
Depends on your release, you have this:
- 13.0 or higher - https://support.f5.com/csp/article/K18650749
- 12.1 - https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/6.html
Another example of configuration
REF - https://clouddocs.f5.com/training/community/waf/html/class8/module2/lab2.html
In your approach, I would use "email" field as username and "account" as password (check your html tags)
Use the access validation to let the application knows when someone introduce one field just for testing (maybe one specific field in the server response).
Let me know if it helps.
KR,
Dario.