Bug ID 423534: Aggregated URL entities are not being ignored by DoSL7

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF6

Opened: Jun 18, 2013

Severity: 3-Major

Related Article: K04204868

Symptoms

When there are a high number of URL's being accessed, the aggregated URL will be used. In this case, DoSL7 will falsely detect and report an attack.

Impact

When there are a high number of URLs being accessed, the aggregated URL will be used. In this case, DoSL7 will falsely detect and report an attack.

Conditions

Enabled DoSL7 with latency-based or tps-based.

Workaround

This issue has no workaround at this time.

Fix Information

We fixed an issue that sometimes caused a DoS Layer 7 attack to be falsely detected during memory exhaustion scenarios, and reported as coming from the "Aggregated" URL.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips