ErkkiS_295148
Sep 28, 2017Cirrus
f5 asm login pages / brute force detection header value
Hello,
I am trying to configure brute-force prevention and login pages. I have a header value that is set when the login fails on the specified login URL: "login-failed: true".
When the login succeeds there is no header like "login-failed: false" or "login-successful: true"
The problem is that the signon page is used for many different apps and this is the only thing that is in common for them all when the login fails.
Seems the "String that should not appear" is only scanning for body text so detecting failed logins is not working.
Are the only ways to make this work to tell the application guys to add "login-failed: false" or "login-succesful: true" header?