Bruteforce mitigation on JSON parameters
Hi All,
I would like to know the possibilities for protecting a web server that uses JSON parameters against brute-force attacks. In the ASM, the default option is to protect a login page. The web application we want to protect uses JSON parameters. The request looks like this:
Content-Length: 84
Proxy-Connection: keep-alive
Content-Type: application/json; charset=utf-8
User-Agent: [ics]:[iPad]:[2.1]:[20141103]:[1]:[Retina]
Connection: keep-alive

{"cardPostFix":"0097","postalCode":"1112CN","houseNumber":"5","expiryDate":"08\/18"}
There is a possibility to do something with JSON (JSON profiles), but this concentrates only on the data and length that pass through the ASM, not on brute force.
Is there a basic iRule to examine this kind of mitigation? I looked for some and found one (POST Request Exponential Backoff), but I'm not sure this is the right way to implement a brute-force mitigation.
Thanks in advance. Erwin