Bug ID 438809: Brute Force Login

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF5, 11.4.0 HF7, 11.2.1 HF11

Opened: Nov 23, 2013

Severity: 3-Major

Related Article: K17098

Symptoms

In this release, you can configure the Brute Force Login protection with more granular detection rates.

Impact

Unable to appropriately configure Brute Force prevention.

Conditions

Low traffic environment that typically sees less than 1 login failure per second but still wishes to trigger Brute Force prevention.

Workaround

None

Fix Information

To improve brute force mitigation, we made the following changes:

- We added a new internal parameter: bf_num_sec_per_value. This defines how many seconds make up a single measurement unit for failed logins. For example, if you want to configure 7 failed logins per 5 seconds, in the Configuration utility configure "7" as the threshold value (the "Failed Login Attempts Rate reached" setting in the Detection Criteria area of the Brute Force Protection Configuration screen), and from the command line configure "5" as the value of this internal parameter. If this value is configured, the system detects an attack only by the threshold (and not by the increase). If this value is configured, all traffic from suspicious IP addresses is blocked. The default value for the internal parameter is 1 second.

- In the Configuration utility, we removed the validation for all the threshold and minimal values. You can now enter very low values such as 1 or 2 in the detection and suspicious criteria.
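To make the interaction between the threshold and bf_num_sec_per_value concrete, the following is an added Python example (not F5's code; the log line format and the fixed, bucket-aligned counting window are assumptions) that runs the same "7 failed logins per 5 seconds" check over constructed log lines and shows why the 1-second default never fires in a low-traffic environment.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the page): seven failed logins from one
# client spread across five seconds, i.e. the low-traffic case the bug describes.
SAMPLE_LOG = """\
10:00:10 login_failed src=203.0.113.5 user=alice
10:00:11 login_failed src=203.0.113.5 user=alice
10:00:11 login_failed src=203.0.113.5 user=bob
10:00:12 login_failed src=203.0.113.5 user=alice
10:00:13 login_failed src=203.0.113.5 user=carol
10:00:14 login_failed src=203.0.113.5 user=alice
10:00:14 login_failed src=203.0.113.5 user=dave
10:00:14 login_ok src=198.51.100.7 user=erin
"""

LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) login_failed src=(\S+)")


def parse_failures(log_text):
    """Yield (timestamp_in_seconds, source_ip) for each failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            h, mi, s, ip = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), ip


def detect_brute_force(log_text, threshold, seconds_per_unit=1):
    """Return the set of source IPs whose failed logins within one
    seconds_per_unit-wide window reach `threshold`.

    threshold        -> the GUI "Failed Login Attempts Rate reached" value
    seconds_per_unit -> the bf_num_sec_per_value internal parameter (default 1)
    Windows are fixed buckets aligned to multiples of seconds_per_unit; this is
    an assumption, the page does not describe the exact counting method.
    """
    counts = defaultdict(int)
    flagged = set()
    for ts, ip in parse_failures(log_text):
        key = (ip, ts // seconds_per_unit)
        counts[key] += 1
        if counts[key] >= threshold:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    # Default 1-second unit: at most 2 failures fall in any one second, so a
    # threshold of 7 can never be reached -> set()
    print(detect_brute_force(SAMPLE_LOG, threshold=7))
    # bf_num_sec_per_value=5: all seven failures share one 5-second bucket
    # -> {'203.0.113.5'}
    print(detect_brute_force(SAMPLE_LOG, threshold=7, seconds_per_unit=5))
```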

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips