Forum Discussion

Altocumulus

Aug 10, 2019

Brute force protection for an API endpoint (no login page)?

Hello, Configuring Brute force protection entails declaring the login page(s).. Is it possible to use this protection on a site where every page is a login page, in a sense? It's an API endpoint and...

ASM Advanced WAF

security

Dario_Garrido

MVP

Aug 10, 2019

Hello Mohamed.

Actually, you have a default "Brute Force Attack Prevention" profile which applies to all the URLs not manually defined.

"You can add default brute force protection when creating a security policy using the Deployment wizard. If you do, the policy simply needs to know for which login pages to enforce brute force protection. The system creates a default brute force configuration that applies to all defined login URLs that are not associated with any other brute force configuration."

REF - https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/6.html

See this path ->

Security > Application Security > Anomaly Detection > Brute Force Attack Prevention

KR,

Dario.

Forum Discussion

Brute force protection for an API endpoint (no login page)?

Recent Discussions

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Wildcard SSL Certificate Deployment on F5 LTM

Related Content

Apache Airflow Unsafe API Endpoint

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

Cisco ACI Endpoint Learning with a BIG-IP HA Failover