Bug ID 1110281: Behavioral DoS does not ignore non-http traffic when disabled via iRule HTTP::disable and DOSL7::disable

Last Modified: Jun 15, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5

Opened: May 27, 2022
Severity: 3-Major

Symptoms

Non-HTTP traffic is not forwarded to the backend server.

Impact

Broken webapps with non-HTTP traffic.

Conditions

- ASM provisioned - Behavioral DoS profile assigned to a virtual server - DOSL7::disable and HTTP::disable applied at when CLIENT_ACCEPTED {}

Workaround

Instead of using DOSL7::disable, redirect non-HTTP traffic to a non-HTTP aware virtual server using the iRule command virtual <virtual_server_name>.

Fix Information

None

Behavior Change