Bug ID 422511: Crash of bd process when an HTTP Class is deleted during a Web Scraping attack

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
11.3.0

Fixed In:
11.3.0 HF6

Opened: Jun 03, 2013

Severity: 3-Major

Symptoms

The bd process (the ASM enforcer) crashes when an HTTP Class that has an ongoing Web Scraping attack is deleted. This happens if, during a Web Scraping attack, the HTTP Class is detached from all Virtual Servers and immediately deleted. The crash occurs about two minutes later.

Impact

Crash and restart of the ASM enforcer; traffic may be held during the restart, or a fail-over event may occur.

Conditions

An HTTP Class with an ASM Policy that has Web Scraping enabled. The crash occurs only when deleting an HTTP Class with an ongoing Web Scraping attack.

Workaround

Before deleting an HTTP Class, use the GUI page Security >> Event Logs : Application : Web Scraping Statistics to make sure that it does not have any ongoing Web Scraping attacks. If an attack is ongoing, wait until it has ended. The attack should stop a few minutes after the HTTP Class is detached from all the Virtual Servers.

Fix Information

The Enforcer no longer crashes when an HTTP Class that had an ongoing Web Scraping attack is deleted from the configuration.
