Manual Chapter: Brute force
Applies To: BIG-IP ASM 16.0.0

Brute force
Brute force attacks are attempts to break into secured areas of a web application by trying exhaustive, systematic user name and password combinations to discover legitimate authentication credentials. To prevent brute force attacks, the system tracks the number of failed attempts to reach the configured login URLs. The system considers it an attack if the failed login rate rises sharply or if the number of failed logins reaches a configured threshold.
The following is an example of a brute force attack prevention configuration:
"brute-force-attack-preventions" : [
  {
    "captchaBypassCriteria" : {
      "action" : "alarm-and-drop",
      "enabled" : true,
      "threshold" : 5
    },
    "clientSideIntegrityBypassCriteria" : {
      "action" : "alarm-and-captcha",
      "enabled" : true,
      "threshold" : 3
    },
    "detectionCriteria" : {
      "action" : "alarm-and-captcha",
      "credentialsStuffingMatchesReached" : 100,
      "detectCredentialsStuffingAttack" : true,
      "detectDistributedBruteForceAttack" : true,
      "failedLoginAttemptsRateReached" : 100
    },
    "leakedCredentialsCriteria" : {
      "action" : "alarm-and-blocking-page",
      "enabled" : false
    },
    "loginAttemptsFromTheSameDeviceId" : {
      "action" : "alarm-and-captcha",
      "enabled" : false,
      "threshold" : 3
    },
    "loginAttemptsFromTheSameIp" : {
      "action" : "alarm-and-captcha",
      "enabled" : true,
      "threshold" : 20
    },
    "loginAttemptsFromTheSameUser" : {
      "action" : "alarm-and-captcha",
      "enabled" : true,
      "threshold" : 3
    },
    "measurementPeriod" : 900,
    "preventionDuration" : "3600",
    "reEnableLoginAfter" : 3600,
    "sourceBasedProtectionDetectionPeriod" : 3600,
    "url" : {
      "method" : "*",
      "name" : "/login",
      "protocol" : "http",
      "type" : "explicit"
    }
  }
]
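As an added illustration (not BIG-IP ASM's own code, and only a simplified model of its evaluation), the following Python shows how the per-IP, per-user and per-device thresholds in the configuration above interact with measurementPeriod: each failed login is counted in a sliding window keyed by source, and the configured action is reported once a threshold is reached within that window. The login events are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed subset of the policy on this page: only the per-source thresholds.
POLICY = {
    "measurementPeriod": 900,
    "loginAttemptsFromTheSameIp": {"action": "alarm-and-captcha", "enabled": True, "threshold": 20},
    "loginAttemptsFromTheSameUser": {"action": "alarm-and-captcha", "enabled": True, "threshold": 3},
    "loginAttemptsFromTheSameDeviceId": {"action": "alarm-and-captcha", "enabled": False, "threshold": 3},
}
CRITERIA = {"ip": "loginAttemptsFromTheSameIp", "user": "loginAttemptsFromTheSameUser",
            "device": "loginAttemptsFromTheSameDeviceId"}


class BruteForceTracker:
    """Simplified model (not ASM's algorithm): failed logins per IP, user and device ID in a sliding window."""

    def __init__(self, policy):
        self.policy = policy
        self.window = policy["measurementPeriod"]
        self.failures = {dim: defaultdict(deque) for dim in CRITERIA}

    def record_failure(self, ts, ip, user, device=None):
        """Record one failed login at time ts (seconds); return the mitigations it triggers."""
        triggered = []
        for dim, key in (("ip", ip), ("user", user), ("device", device)):
            if key is None:
                continue
            q = self.failures[dim][key]
            q.append(ts)
            while ts - q[0] >= self.window:  # drop failures older than measurementPeriod
                q.popleft()
            crit = self.policy[CRITERIA[dim]]
            if crit["enabled"] and len(q) >= crit["threshold"]:
                triggered.append((dim, key, crit["action"]))
        return triggered


def replay(events, policy=POLICY):
    """Replay (ts, ip, user, device) failures; return [(ts, dim, key, action), ...]."""
    tracker = BruteForceTracker(policy)
    hits = []
    for ts, ip, user, device in events:
        for dim, key, action in tracker.record_failure(ts, ip, user, device):
            hits.append((ts, dim, key, action))
    return hits


# Constructed sample: three failures against "alice" from different addresses within 900 s,
# then one stale failure from 198.51.100.7 at t=1000 followed by 20 more at t=2000..2019.
# The stale one falls out of the window, so the IP threshold is reached at t=2019, not 2018.
SAMPLE = [(0, "203.0.113.1", "alice", "dev-a"), (300, "203.0.113.2", "alice", "dev-b"),
          (600, "203.0.113.3", "alice", "dev-c"), (1000, "198.51.100.7", "bob", None)]
SAMPLE += [(2000 + i, "198.51.100.7", f"user{i}", None) for i in range(20)]
```

Because loginAttemptsFromTheSameDeviceId is disabled in the policy, repeated failures sharing a device ID never trigger an action in this model.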