Bug ID 438809: Brute Force Login

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF5, 11.4.0 HF7, 11.2.1 HF11

Opened: Nov 23, 2013

Severity: 3-Major

Related Article: K17098


In this release, you can configure the Brute Force Login protection with more granular detection rates.


Unable to appropriately configure Brute Force prevention.


Low traffic environment that typically sees less than 1 login failure per second but still wishes to trigger Brute Force prevention.



Fix Information

To improve brute force mitigation, we made the following changes: -We added a new internal parameter: bf_num_sec_per_value. This defines how many seconds is a single measure unit for a failed login. For example, if you want to configure 7 failed logins per 5 seconds, in the Configuration utility configure "7" as the threshold value (the "Failed Login Attempts Rate reached" setting in the Detection Criteria area of the Brute Force Protection Configuration screen), and from the command line configure "5" as the value of this internal parameter. If this value is configured, the system will detect an attack only by the threshold (and not by the increase). If this value is configured, all traffic from suspicious IP addresses are blocked. The default value for the internal parameter is 1 second. -In the Configuration utility, we removed the validation for all the threshold and minimal values. You can put now very low values such as 1 or 2 in the detection and suspicious criteria.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips