Bug ID 429434: During L7 DoS attacks with rate-limit mitigation the drop ratio may not increase above 95%

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF4, 11.3.0 HF8

Opened: Sep 01, 2013

Severity: 3-Major


During L7 DoS attacks that are mitigated with rate-limit, the drop ratio may remain around 95% and not increase further.


Some attacking traffic (between 0% and 5%) will reach the back-end server instead of being dropped.


During L7 DoS attacks in a DoS profile with TPS-based or Latency-based enabled and Rate-Limit Mitigation activated.



Fix Information

The Rate-Limit Mitigation of L7 DoS attacks now blocks all traffic of attack entities in cases of traffic that is increased by 95% or more.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips