Credential Attack Protection and Privileged Account Protection are powerful tools for preventing account takeover. For these to effectively protect your application, you must provide some information about your login form. This allows WAF-as-a-Service to understand your login form's login method and the parameters used for the username and password fields, making suspicious login attempts easier to identify.
Configure Login Form Information
- From App Profiles, add Form Protection to the desired URL.
In the right side panel find Login Form Information and click on it.
- Configure form information:
- Login form type – Select the login method used by your form.
- User name parameter – Enter the parameter name for this form field. (i.e. "username", "email", "fullname", etc.)
- Password parameter – Enter the parameter name for the password field. (i.e. "password", "pword", etc.)
- Click Save.