Last Modified: Nov 22, 2021
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.3.0
Fixed In:
11.3.0 HF6
Opened: Jun 03, 2013 Severity: 3-Major
A crash of the bd process (the ASM enforcer) occurs when deleting an HTTP Class that has an ongoing Web Scraping attack. This happens if during a Web Scraping attack, the HTTP Class is detached from all Virtual Servers and immediately deleted. The crash happens about two minutes later.
Crash and restart of the ASM enforcer; traffic may be held during the restart, or a fail-over event may occur.
HTTP Class with ASM Policy that has Web Scraping enabled. Will happen only if deleting an HTTP Class with on ongoing Web Scraping attack.
Before deleting an HTTP Class, make sure that it does not have any ongoing Web Scraping attacks using the GUI page Security >> Event Logs : Application : Web Scraping Statistics. If an attack is ongoing, wait until it has ended. The attack should stop a few minutes after detaching the HTTP Class from all the Virtual Servers.
The Enforcer no longer crashes when an HTTP Class, that had an ongoing web scraping attack, was deleted from the configuration.