Last Modified: Nov 07, 2022
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 11.6.4, 11.6.5, 184.108.40.206, 220.127.116.11, 18.104.22.168
Opened: May 07, 2015 Severity: 3-Major
A geo-based IP mitigation dos attacked started against an internal IP address.
All internal addresses getting blocked as a geo location.
Traffic from internal addresses is arriving to the system. A geo location mitigation is configured for DosL7.
Whitelist the internal addresses. Note: Doing this prevents all types of mitigation from these IP addresses.
RFC1918 is not considered as a geolocation and during geolocation mitigation, traffic from these IPs will not get dropped. These IP addresses can still get mitigated during other mitigations. A new internal parameter, DOSL7.geolocation_drop_private_ips, default disable, is introduced. When enabled, the system changes this behavior so internal IP addresses do mitigate in the geolocation mitigation.