Manual Chapter : Brute force

Applies To: BIG-IP ASM 16.0.0

Brute force

Brute force attacks are attempts to break into secured areas of a web application by trying exhaustive, systematic user name and password combinations in order to discover legitimate authentication credentials. To prevent brute force attacks, the system tracks the number of failed attempts to reach the configured login URLs. The system treats the activity as an attack if the rate of failed logins rises sharply or if the number of failed logins reaches a configured threshold.
The following is an example of a brute force attack prevention configuration:
"brute-force-attack-preventions" : [
  {
    "captchaBypassCriteria" : {
      "action" : "alarm-and-drop",
      "enabled" : true,
      "threshold" : 5
    },
    "clientSideIntegrityBypassCriteria" : {
      "action" : "alarm-and-captcha",
      "enabled" : true,
      "threshold" : 3
    },
    "detectionCriteria" : {
      "action" : "alarm-and-captcha",
      "credentialsStuffingMatchesReached" : 100,
      "detectCredentialsStuffingAttack" : true,
      "detectDistributedBruteForceAttack" : true,
      "failedLoginAttemptsRateReached" : 100
    },
    "leakedCredentialsCriteria" : {
      "action" : "alarm-and-blocking-page",
      "enabled" : false
    },
    "loginAttemptsFromTheSameDeviceId" : {
      "action" : "alarm-and-captcha",
      "enabled" : false,
      "threshold" : 3
    },
    "loginAttemptsFromTheSameIp" : {
      "action" : "alarm-and-captcha",
      "enabled" : true,
      "threshold" : 20
    },
    "loginAttemptsFromTheSameUser" : {
      "action" : "alarm-and-captcha",
      "enabled" : true,
      "threshold" : 3
    },
    "measurementPeriod" : 900,
    "preventionDuration" : "3600",
    "reEnableLoginAfter" : 3600,
    "sourceBasedProtectionDetectionPeriod" : 3600,
    "url" : {
      "method" : "*",
      "name" : "/login",
      "protocol" : "http",
      "type" : "explicit"
    }
  }
]
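To show how the per-source thresholds and the measurementPeriod window in the example interact, here is an added, simplified Python model (not F5's implementation) that replays constructed failed-login events against the same-IP, same-user and same-device criteria taken from the configuration above; the event fields `ip`, `user`, `device` and `t` are assumed names for this illustration.

```python
import json
from collections import defaultdict, deque

# Subset of the example configuration above, kept as JSON so the same keys apply.
PREVENTION = json.loads("""{
  "loginAttemptsFromTheSameIp":       {"action": "alarm-and-captcha", "enabled": true,  "threshold": 20},
  "loginAttemptsFromTheSameUser":     {"action": "alarm-and-captcha", "enabled": true,  "threshold": 3},
  "loginAttemptsFromTheSameDeviceId": {"action": "alarm-and-captcha", "enabled": false, "threshold": 3},
  "measurementPeriod": 900
}""")

# Each source-based criterion is keyed on one field of a failed-login event (assumed field names).
CRITERIA = {
    "loginAttemptsFromTheSameIp": "ip",
    "loginAttemptsFromTheSameUser": "user",
    "loginAttemptsFromTheSameDeviceId": "device",
}

def evaluate(events, prevention=PREVENTION):
    """Replay failed-login events (ordered by time, seconds) and return the
    (t, criterion, key, action) tuples at which a threshold is reached within
    the sliding measurementPeriod window. Disabled criteria never fire."""
    period = prevention["measurementPeriod"]
    windows = defaultdict(deque)          # (criterion, key) -> timestamps in window
    triggered = []
    for ev in events:
        for crit, field in CRITERIA.items():
            cfg = prevention[crit]
            if not cfg["enabled"]:
                continue
            win = windows[(crit, ev[field])]
            win.append(ev["t"])
            while win and ev["t"] - win[0] >= period:   # age out old failures
                win.popleft()
            if len(win) == cfg["threshold"]:            # fire once, when the count is reached
                triggered.append((ev["t"], crit, ev[field], cfg["action"]))
    return triggered

# Constructed sample: one user name failing from three addresses (same-user rule),
# then one address cycling through twenty distinct user names (same-IP rule).
SAMPLE = [{"t": 0,  "ip": "198.51.100.1", "user": "alice", "device": "d1"},
          {"t": 30, "ip": "198.51.100.2", "user": "alice", "device": "d2"},
          {"t": 60, "ip": "198.51.100.3", "user": "alice", "device": "d3"}]
SAMPLE += [{"t": 100 + i, "ip": "203.0.113.7", "user": f"user{i}", "device": "d9"}
           for i in range(20)]

if __name__ == "__main__":
    for hit in evaluate(SAMPLE):
        print(hit)
```

Failures for the same key spaced more than 900 seconds apart never accumulate, which is why measurementPeriod matters as much as the threshold itself.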