Bug ID 686108: User gets blocking page instead of captcha during brute force attack

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:

Opened: Sep 28, 2017

Severity: 2-Critical


Unexpected blocking page while captcha is configured.


Unexpected blocking page mitigation where captcha mitigation was expected.


-- Brute force configured with alarm and captcha mitigation. -- The only source configured is username. -- These are the first failed login requests after a system start up or after a login page configuration change.


There are two workarounds: -- Access the login page at least 10 times within 5 minutes. -- Run the following command: tmsh modify sys db asm.cs_qualified_urls value <YOUR_LOGIN_URL>

Fix Information

Fixed an issue with unexpected blocking page while captcha is configured.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips