Forum Discussion
Stanislas_Piro2
Jan 10, 2018
Hi,
You can try code like this (not tested).
It captures the username in the first request, then stores it for the next request.
When the user sends the password, it inserts the username into the payload to allow ASM brute-force protection.
When ASM has allowed the request, replace the payload with the previous one (in the HTTP_REQUEST_SEND event).
when HTTP_REQUEST {
    if {[HTTP::uri] equals "/login"} {
        # replace the cookie name with the application cookie used to follow the session
        set key [HTTP::cookie value mycookie]
        if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        # only collect the body if $content_length is not 0
        if {$content_length > 0} {
            HTTP::collect $content_length
        }
    }
}
when HTTP_REQUEST_DATA {
    if {[set username [URI::query "?[HTTP::payload]" username]] ne ""} {
        # first request: remember the username for this session (timeout 300 s, lifetime 900 s)
        table set -subtable BruteForceProtection $key $username 300 900
    } elseif {[URI::query "?[HTTP::payload]" password] ne ""} {
        # second request: look up the stored username (table lookup, not the remaining lifetime)
        set username [table lookup -subtable BruteForceProtection $key]
        if {$username ne ""} {
            set payload [HTTP::payload]
            # URL-encode the value so that '&' or '=' inside the username cannot break the form
            HTTP::payload replace 0 [HTTP::payload length] "$payload&username=[URI::encode $username]"
            set plength [HTTP::payload length]
        }
    }
    HTTP::release
}
when HTTP_REQUEST_SEND {
    # ASM has allowed the request: put the client's original payload back
    if {[info exists payload]} {
        HTTP::payload replace 0 $plength $payload
        unset payload plength
    }
}
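The two-step correlation the post describes (store the username keyed by the session cookie, inject it into the password request so ASM can count failures per user, then restore the client's original body) can be checked off-box before writing it as an iRule. The Python below is an added model of that logic, not the author's iRule and not F5 code; `SessionTable` is a constructed stand-in for the BIG-IP `table` subtable with its lifetime, and the form bodies are constructed sample input. It also covers two cases the post does not spell out: a username containing form-breaking characters (handled by URL-encoding) and a stored entry that has already expired (no injection, body passed through unchanged).

```python
import time
from urllib.parse import parse_qs, urlencode


class SessionTable:
    """Constructed stand-in for `table set/lookup -subtable BruteForceProtection`:
    key -> (username, expiry), with a lifetime in seconds."""

    def __init__(self, lifetime=900):
        self.lifetime = lifetime
        self._rows = {}

    def set(self, key, value, now=None):
        now = time.time() if now is None else now
        self._rows[key] = (value, now + self.lifetime)

    def lookup(self, key, now=None):
        # Returns None when the key is unknown or its lifetime has elapsed.
        now = time.time() if now is None else now
        row = self._rows.get(key)
        if row is None or row[1] <= now:
            self._rows.pop(key, None)
            return None
        return row[0]


def handle_request_data(table, session_key, payload, now=None):
    """Model of the HTTP_REQUEST_DATA step.

    payload is the raw application/x-www-form-urlencoded body.
    Returns (body_to_hand_to_asm, original_body_or_None); the second
    element is what HTTP_REQUEST_SEND must restore, None if nothing changed.
    """
    fields = parse_qs(payload, keep_blank_values=True)
    if fields.get("username", [""])[0] != "":
        # first step of the login: remember the username for this session
        if session_key:
            table.set(session_key, fields["username"][0], now)
        return payload, None
    if fields.get("password", [""])[0] != "":
        # second step: inject the stored username so ASM sees user + password together
        username = table.lookup(session_key, now) if session_key else None
        if username is None:
            return payload, None          # missing cookie or expired entry: pass through
        # urlencode so '&', '=' or '+' inside the username cannot split the form
        injected = payload + "&" + urlencode({"username": username})
        return injected, payload
    return payload, None


def handle_request_send(injected, original):
    """Model of HTTP_REQUEST_SEND: send the body the client actually submitted."""
    return original if original is not None else injected
```

Run `handle_request_data` for the username request first and the password request second, with the same `session_key`; the first return value is what ASM would inspect, and `handle_request_send` gives the body forwarded to the application.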