Manual Chapter : Overview: Blocking a user from logging into a web site

Applies To:

Show Versions Show Versions
Manual Chapter

Overview: Blocking a user from logging into a web site

FPS allows you to block a user from entering a web site, which is useful in cases where you think the user's credentials have been compromised. You can block a user indefinitely, or for a limited time period that you set. If a user is blocked, FPS directs the user to a blocking page when the user attempts to login to the blocked web site. FPS provides the default contents for the blocking page, but the contents of this page can change in the BIG-IP system.
F5 does not recommend blocking users because this gives fraudsters a clear signal that an attack was detected and eventually blocking signals may be used by fraudsters to fingerprint, or even reverse engineer the system. F5 suggests that the protected web page or mobile app silently drop malicious transactions or suspicious sessions or put them in a review queue without signaling to the fraudster that the system has identified an issue. This can be done by integrating FPS dashboard alerts into the your risk engine or web application APIs.