Overview: Login Pages for Secure Application Access
Most web applications use login pages as a way to secure the application and authenticate application users. A login page specifies the login URL in a web application that users must pass through to get to the authenticated URLs at the heart of the application.
Authenticated URLs are URLs that become accessible to users only after they successfully log in at the login URL. A logout URL is a URL that, if accessed, forces users to return to the login URL before re-accessing authenticated URLs. System administrators use these special URLs to prevent forceful browsing by causing users to pass through the login URL before viewing the restricted authenticated URLs. In addition to specifying the login URL, login pages in the security policy can also enforce access validation by defining access permissions for users.
In WAF, security policies use login pages for several features:
Login enforcement for secure application access
Session awareness
Brute force attack prevention
Integration with database security
Login enforcement specifies the authenticated URLs and logout URLs for the application. Session awareness provides tracking information about user sessions so that you can investigate suspicious activity and the attacker behind it. Brute force protection prevents hackers from making repeated attempts to guess user names and passwords in order to log on to the application. Database security integration can use login pages to provide event notification and user data to a third-party database monitoring system.
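The following sketch models the login enforcement decision described above: a session may reach authenticated URLs only after a successful login, and visiting a logout URL revokes that access. It is an added illustration, not the WAF's implementation or configuration syntax; the class name, the URLs, the wildcard matching and the `login_ok` flag (standing in for however a successful login is detected) are all assumptions.

```python
from fnmatch import fnmatchcase

class LoginEnforcer:
    """Toy model: remembers which sessions have passed the login URL."""

    def __init__(self, login_url, authenticated_urls, logout_urls):
        self.login_url = login_url
        self.authenticated_urls = authenticated_urls  # wildcard patterns (assumed)
        self.logout_urls = set(logout_urls)
        self.logged_in = set()                        # session IDs that logged in

    def handle(self, session_id, method, url, login_ok=False):
        """Return 'allow' or 'block' for one request."""
        path = url.split("?", 1)[0]                   # ignore the query string
        if path == self.login_url:
            # Only a successful login attempt marks the session as logged in.
            if method == "POST" and login_ok:
                self.logged_in.add(session_id)
            return "allow"
        if path in self.logout_urls:
            # After logout the user must pass through the login URL again.
            self.logged_in.discard(session_id)
            return "allow"
        restricted = any(fnmatchcase(path, p) for p in self.authenticated_urls)
        if restricted and session_id not in self.logged_in:
            return "block"                            # forceful browsing attempt
        return "allow"

# Constructed sample traffic: (session, method, URL, login succeeded?)
CONSTRUCTED_TRAFFIC = [
    ("s1", "GET",  "/account/settings",       False),  # before any login
    ("s1", "POST", "/login",                  False),  # failed login
    ("s1", "GET",  "/account/settings",       False),  # still not logged in
    ("s1", "POST", "/login",                  True),   # successful login
    ("s1", "GET",  "/account/settings?tab=1", False),  # now permitted
    ("s2", "GET",  "/account/settings",       False),  # different session
    ("s1", "GET",  "/logout",                 False),  # logout URL
    ("s1", "GET",  "/account/settings",       False),  # must log in again
    ("s2", "GET",  "/index.html",             False),  # unrestricted URL
]

def replay(traffic):
    """Run the sample traffic through a fresh enforcer; return the decisions."""
    enforcer = LoginEnforcer("/login", ["/account/*"], ["/logout"])
    return [enforcer.handle(*request) for request in traffic]

if __name__ == "__main__":
    for request, decision in zip(CONSTRUCTED_TRAFFIC, replay(CONSTRUCTED_TRAFFIC)):
        print(decision, *request[:3])
```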