Removing F5 Leaked Credential Check (LCC) config from BIG-IP AWAF

The below provide a guideline to remove the F5 Leaked Credentials Check (LCC) configuration.

Leaked Credential Check

The F5 Leaked Credential Check feature is configured as an add-on service to F5 BIG-IP Advanced WAF.  

  • On the Main tab, click Security > Application Security > Security Policies.
  • You need to do the following for every policy with configured Leaked Credential Check 
    • Select the security policy you want to work on. Select Advanced Protection > Brute Force  Prevention on the left side of the screen.
  •  Click on every login page in the list and do the following:
    • In the Leaked Credentials Detection section, disable Detection.
  •  In the Distributed Brute Force Protection section, for Detect Credential Stuffing Attack, select Never.

Cloud Service removal 

In the Distributed Cloud Services ›› Cloud Services: Cloud Security Services Applications, select your custom f5-credential-stuffing-cloud-app and press delete. 

If you have added a load balancer, a route, gateway etc. to enable this service and these are not needed anymore, please remove these as well.

Optional:

In the Application Security: Policy Building: Learning and Blocking Settings, remove the alarm and block from the Leaked Credentials Detection violation.

Published Jun 20, 2024
Version 1.0
announcement
BIG-IP Advanced WAF
BIG-IP AWAF
security

Was this article helpful?

No CommentsBe the first to comment