Forum Discussion
Yes, you need to identify the user someway.
If you cannot do it with the email or another field in the form, I recommend you to modify the html to include a hidden field with information of the user (maybe cookie or something else).
Let me know if this helps.
KR,
Dario.
Jan 23, 2020
BTW, if you only want to block attempts by source IP you can do it using an iRule (counting the number of attempts and include those source IPs in a blacklist).