Bug ID 429434: During L7 DoS attacks with rate-limit mitigation the drop ratio may not increase above 95%

Last Modified: Nov 20, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF4, 11.3.0 HF8

Opened: Sep 01, 2013
Severity: 3-Major

Symptoms

During L7 DoS attacks that are mitigated with rate-limit, the drop ratio may remain around 95% and not increase further.

Impact

Some attacking traffic (between 0% and 5%) will reach the back-end server instead of being dropped.

Conditions

During L7 DoS attacks in a DoS profile with TPS-based or Latency-based enabled and Rate-Limit Mitigation activated.

Workaround

None.

Fix Information

The Rate-Limit Mitigation of L7 DoS attacks now blocks all traffic of attack entities in cases of traffic that is increased by 95% or more.

Behavior Change