Detection Per IP Address

Attempt invalid logins

In the browser address bar, go to the login page URL at http://hackzazon.f5demo.com/user/login.

Try to log in with various usernames and passwords.

Important

Do NOT use the same username twice.

After at least 20 failed login attempts, you should get the CAPTCHA page.

Tip

Why does it take so many failed logins to detect when you are using different usernames?

Complete the CAPTCHA. You should be returned to the login screen.
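
The counting behaviour exercised in the steps above, as an added example that is not part of the original lab and is not BIG-IP ASM's own implementation: a simplified model that keeps one failed-login counter per source IP and one per username. The IP threshold of 20 mirrors the lab text; the per-username threshold of 3, the sample IP address and the usernames are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for this sketch: 20 mirrors the lab's "at least 20
# failed login attempts"; the per-username value is a constructed example.
IP_THRESHOLD = 20
USERNAME_THRESHOLD = 3


def first_trigger(events, ip_threshold=IP_THRESHOLD,
                  user_threshold=USERNAME_THRESHOLD):
    """Return (attempt_number, reason) for the first failed login that
    crosses a threshold, or None if no counter trips.

    events: iterable of (source_ip, username, success) tuples in time order.
    """
    by_ip, by_user = Counter(), Counter()
    for n, (ip, user, success) in enumerate(events, start=1):
        if success:
            continue  # only failed logins are counted in this model
        by_user[user] += 1
        by_ip[ip] += 1
        # Username counter is checked first: it is the tighter limit.
        if by_user[user] >= user_threshold:
            return n, f"username:{user}"
        if by_ip[ip] >= ip_threshold:
            return n, f"ip:{ip}"
    return None


# Constructed sample traffic (not captured from the lab), documentation IP.
SRC = "203.0.113.10"
# Lab scenario: one client, a different username on every attempt.
unique_users = [(SRC, f"user{i}", False) for i in range(1, 26)]
# Contrast: the same client retrying a single username.
same_user = [(SRC, "alice", False) for _ in range(25)]

if __name__ == "__main__":
    print("unique usernames:", first_trigger(unique_users))
    print("repeated username:", first_trigger(same_user))
```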

Review ASM Request log

In the BIG-IP, browse to the ASM Request log at Security >> Event Logs >> Application >> Requests.

Look through the request log for the most recent illegal request to /user/login.

Note

What Violation was detected for this request?

What other details about this request are visible when you select the “occurrence”?

What indicator is there that this Brute Force violation was detected by IP address instead of by username?