Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM, AVR
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF4
Opened: Aug 07, 2014 Severity: 3-Major Related Article:
K10035412
Sometimes customers are getting empty values within dos_attack_id and dos_mitigation_action fields in the remote logger.
Sometimes customers are getting empty values within dos_attack_id and dos_mitigation_action fields in the remote logger.
When proactive is turned on attack logs are issued without attack.
This issue has no workaround at this time.
DoS for Application Security now reports suspicious entities only if the application is under attack, or as part of proactive mitigation. DoS for Application Security no longer reports suspicious entities if an attack has not occurred, because this led to logs with empty attack IDs and blank mitigation methods.