Bug ID 429434: During L7 DoS attacks with rate-limit mitigation the drop ratio may not increase above 95%

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF4, 11.3.0 HF8

Opened: Sep 01, 2013

Severity: 3-Major

Symptoms

During L7 DoS attacks that are mitigated with rate-limit, the drop ratio may remain around 95% and not increase further.

Impact

Some attacking traffic (between 0% and 5%) will reach the back-end server instead of being dropped.

Conditions

During L7 DoS attacks in a DoS profile with TPS-based or Latency-based enabled and Rate-Limit Mitigation activated.

Workaround

None.

Fix Information

The Rate-Limit Mitigation of L7 DoS attacks now blocks all traffic of attack entities in cases of traffic that is increased by 95% or more.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks