Bug ID 437696: Within DoSL7D Transparent attack starts on latency mode with no suspicious entities.

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0

Opened: Nov 13, 2013
Severity: 3-Major
Related AskF5 Article:
K08514617

Symptoms

In Transparent mode, DoSL7D reports a latency-based attack even when there are no suspicious entities.

Impact

When the Latency-based detection is set to Transparent, an attack will be reported as soon as high latency is detected. In Blocking mode, a latency-based attack only starts when there is at least one suspicious entity by TPS or a heavy URL (11.5.0 and up).

Conditions

Latency-based detection is set to Transparent.

Workaround

This issue has no workaround at this time.

Fix Information

Application DoS: When Latency-based detection is set to Transparent, a latency-based attack is reported when there is at least one suspicious entity by TPS (or a heavy URL in version 11.5.0). This is consistent with Blocking mode. Previously, this type of attack was reported in Transparent mode as soon as the system detected high latency, even before the system detected a suspicious entity.

Behavior Change