Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM, ASM
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4
Fixed In:
14.1.0, 14.0.0.5, 13.1.1.2
Opened: May 17, 2018 Severity: 3-Major
There is probability that the generated signatures will block unknown traffic (the traffic that was not presenting before the attack) even if it's not necessary from service health perspective
The signatures may block unknown traffic even if it's not necessary from S/H perspective
Run attack traffic. In parallel run unknown traffic. It should exceed the learned baseline together with the good traffic.
There is no workaround at this time.
Implement adaptive ratio threshold for covering current bad traffic samples. The ratio increases as long as the health is not good. If the health returns to good levels (below one) the ratio is restarted to the initial value.