Bug ID 522043: ASM triggers geo-based dos mitigation against RFC1918 addresses.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Fixed In:
13.0.0

Opened: May 07, 2015

Severity: 3-Major

Symptoms

A geo-based DoS attack mitigation is started against an internal IP address.

Impact

All internal addresses are blocked as a geolocation.

Conditions

Traffic from internal addresses arrives at the system. A geolocation mitigation is configured for DosL7.

Workaround

Whitelist the internal addresses. Note: Doing this prevents all types of mitigation for traffic from these IP addresses.

Fix Information

RFC1918 addresses are not considered a geolocation, and during geolocation mitigation, traffic from these IP addresses is not dropped. These IP addresses can still be mitigated by other mitigations. A new internal parameter, DOSL7.geolocation_drop_private_ips (disabled by default), is introduced. When it is enabled, the system changes this behavior so that internal IP addresses are mitigated during geolocation mitigation.
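
The decision described above can be modeled offline to triage which mitigated sources are RFC1918 addresses. This is an added example, not F5 code: the function names, the event tuples, and the "N/A" geolocation label are constructed assumptions, and drop_private_ips only stands in for DOSL7.geolocation_drop_private_ips.

```python
import ipaddress

# The three RFC 1918 blocks. ipaddress.is_private is broader (it also matches
# loopback and link-local), so the ranges are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True only for IPv4 addresses inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def geo_mitigation_drops(addr, src_geo, mitigated_geos, drop_private_ips=False):
    """Model of the fixed behavior: does geolocation mitigation drop addr?

    src_geo is the label a geolocation lookup returned for addr and
    mitigated_geos is the set of geolocations under mitigation (both
    hypothetical inputs). drop_private_ips=True models enabling the
    internal parameter, which makes internal addresses subject to
    geolocation mitigation again.
    """
    if is_rfc1918(addr) and not drop_private_ips:
        return False  # default after the fix: RFC 1918 sources are exempt
    return src_geo in mitigated_geos


def affected_sources(events, mitigated_geos):
    """RFC 1918 sources that geolocation mitigation drops when private
    addresses are treated as a geolocation (the behavior this bug reports)."""
    return [addr for addr, geo in events
            if is_rfc1918(addr) and geo in mitigated_geos]


# Constructed sample: (source address, geolocation label from the lookup).
EVENTS = [
    ("10.1.2.3", "N/A"),
    ("192.168.10.20", "N/A"),
    ("172.16.5.9", "N/A"),
    ("172.32.0.1", "US"),    # just outside 172.16.0.0/12
    ("169.254.1.1", "N/A"),  # link-local: private, but not RFC 1918
    ("203.0.113.7", "XX"),
]

if __name__ == "__main__":
    for addr in affected_sources(EVENTS, {"N/A"}):
        print("internal source hit by geolocation mitigation:", addr)
```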

Behavior Change
