Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 15.0.0, 15.0.1
Fixed In:
15.1.0, 15.0.1.1, 14.1.0.6, 14.0.0.5, 13.1.3, 12.1.5
Opened: Mar 14, 2019 Severity: 3-Major Related Article:
K79240502
Bot Defense performs a reverse DNS for requests with User-Agents of known Search Engines. A cache is stored for legal / illegal requests to prevent querying the DNS again. This cache never expires, so in case of an initial misconfiguration, after fixing the DNS configuration, or routing or networking issue, the Search Engines may still be blocked until TMM is restarted.
Cache does not expire and is never updated, so it retains the misconfigured requests. As a result, valid Search Engines are getting blocked by Bot Defense.
-- Initial misconfiguration of DNS or routing or networking issue. -- Cache stores requests to prevent future queries to DNS. -- Correct the misconfiguration.
Restart TMM by running the following command: bigstart restart tmm
The internal DNS cache within Bot Defense and DoSL7 now expires after five minutes.