Vsevolod_Petrov
May 19, 2014Cirrostratus
OWA bruteforce protection with ASM
Hi,
Have you ever tried to protect MS Outlook Web Access login page with ASM? I'm trying to set up brute force protection but don't have any luck.
I made a login page with the following parameters:
Login URL Explicit HTTPS /owa/auth.owa
Authentication Type HTML Form
Username Parameter Name username
Password Parameter Name password
Expected HTTP response status code 302
With this configuration I can see all requests including usernames in the Event Viewer. I expected that after enabling brute force protection for my login page I will have this page protected. But I don't.
Could you please share with me your experience?