Bug ID 1128977: When the device DoS vector rate-limit setting is configured to a low value, sampled attack log messages are not logged

Last Modified: Mar 30, 2024

Affected Product(s):
BIG-IP Velos(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7

Fixed In:
17.1.0, 15.1.8

Opened: Jul 26, 2022

Severity: 3-Major

Symptoms

On hardware platforms, with the default-internal-rate-limit of a device DoS vector being set to a low number, there is no sampled attack message in the log, even when the attack is being detected.

Impact

No visibility of the attack after being detected.

Conditions

- Setting the default-internal-rate-limit of the targeted device DoS vector to a low number. - Detect attack.

Workaround

Use a higher number for the default-internal-rate-limit of the targeted device DoS vector.

Fix Information

The sampled attack log message is displayed even when a lower number is used for the default-internal-rate-limit value.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips