Overview: Brute force protection

About brute force attacks

Brute force attacks are attempts to break into secured areas of a web application by trying exhaustive, systematic username/password combinations in order to discover legitimate authentication credentials. To prevent brute force attacks, WAF tracks the number of failed attempts to reach the configured login URLs. WAF considers the activity an attack when either of two conditions holds: the failed-logon rate increases significantly, or the number of failed logins reaches a configured maximum threshold.

Brute force protection

You can add default brute force protection when creating a security policy. If you do, the policy only needs to know which login pages to enforce brute force protection for. WAF creates a default brute force configuration that applies to every defined login URL that is not associated with any other brute force configuration. WAF can detect login pages created in the security policy. At least one login URL must be defined in the security policy to protect against brute force attacks.
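The following is an added example, not the WAF's own code, that shows both ideas above in one place: per-login-URL tracking of failed logons with the two detection criteria (a significant increase in the failed-logon rate, or failures reaching a maximum threshold), and a default configuration that applies to every login URL without a dedicated one. The parameter names, the status codes treated as failed logons, and the log lines are all constructed for the example.

```python
"""Sliding-window brute force detection over failed logins to configured login URLs.

Example code, not a product implementation. Configuration field names, the
failed-logon status codes and the sample traffic are constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple

FAILED_LOGIN_STATUSES = {401, 403}   # assumption: these responses mark a failed logon


@dataclass
class BruteForceConfig:
    # Hypothetical parameter names chosen for this example.
    window_seconds: int = 60           # length of one measurement window
    max_failed_logins: int = 20        # absolute threshold: failures within one window
    rate_increase_factor: float = 3.0  # current window must exceed previous window by this factor
    min_baseline_failures: int = 5     # previous window needs this many failures before
                                       # a rate comparison is meaningful


class BruteForceDetector:
    def __init__(self, login_urls: List[str], default_config: BruteForceConfig,
                 per_url_configs: Optional[Dict[str, BruteForceConfig]] = None):
        # The default configuration covers every login URL that has no configuration of its own.
        per_url_configs = per_url_configs or {}
        self.configs = {u: per_url_configs.get(u, default_config) for u in login_urls}
        self.failures: Dict[str, Deque[float]] = {u: deque() for u in login_urls}

    def observe(self, url: str, status: int, ts: float) -> Optional[str]:
        """Record one request to a login URL; return a reason when a criterion trips, else None."""
        cfg = self.configs.get(url)
        if cfg is None or status not in FAILED_LOGIN_STATUSES:
            return None                        # not a defined login URL, or not a failed logon
        q = self.failures[url]
        q.append(ts)
        # Keep two windows of history: the current window and the one just before it.
        oldest_kept = ts - 2 * cfg.window_seconds
        while q and q[0] < oldest_kept:
            q.popleft()
        window_start = ts - cfg.window_seconds
        current = sum(1 for t in q if t >= window_start)   # failures in the current window
        previous = len(q) - current                        # failures in the preceding window
        if current >= cfg.max_failed_logins:
            return f"max failed logins reached on {url}: {current} in {cfg.window_seconds}s"
        if previous >= cfg.min_baseline_failures and current >= cfg.rate_increase_factor * previous:
            return f"failed login rate increased on {url}: {previous} -> {current}"
        return None


def parse_log_line(line: str) -> Tuple[float, str, str, int]:
    """Parse a constructed log line of the form '<epoch> <METHOD> <path> <status>'."""
    ts, method, path, status = line.split()
    return float(ts), method, path, int(status)


def run_detection(lines: List[str], detector: BruteForceDetector) -> List[Tuple[float, str]]:
    """Feed log lines through the detector and collect (timestamp, reason) alerts."""
    alerts = []
    for line in lines:
        ts, method, path, status = parse_log_line(line)
        if method != "POST":
            continue                           # only credential submissions count
        reason = detector.observe(path, status, ts)
        if reason:
            alerts.append((ts, reason))
    return alerts


# Constructed sample traffic: a slow baseline of failures, then a burst, then an admin login.
SAMPLE_LOG = (
    [f"{1000 + 5 * i} POST /login 401" for i in range(5)]        # 5 failures, 1000..1020 (baseline)
    + [f"{1085 + i} POST /login 401" for i in range(20)]         # 20 failures, 1085..1104 (burst)
    + [f"{1105 + i} POST /admin/login 401" for i in range(5)]    # 5 failures to the admin login
    + ["1110 GET /login 200", "1111 POST /login 200"]            # page load and a successful login
)


def demo() -> List[Tuple[float, str]]:
    default_cfg = BruteForceConfig()
    strict_cfg = BruteForceConfig(max_failed_logins=5)           # dedicated, stricter admin setting
    det = BruteForceDetector(["/login", "/admin/login"], default_cfg,
                             per_url_configs={"/admin/login": strict_cfg})
    return run_detection(SAMPLE_LOG, det)


if __name__ == "__main__":
    for ts, reason in demo():
        print(f"{ts:.0f} {reason}")
```

The rate criterion fires first: once the burst reaches 15 failures against a baseline of 5 in the previous window, the threefold increase trips even though the absolute maximum of 20 has not yet been reached. The admin URL uses its own stricter configuration, while /login falls back to the default, which is how the default configuration in the text covers every login URL without a dedicated one.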