Bug ID 552139: ASM limitation in the pattern matching matrix builtup

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.2.1, 11.5.1, 11.5.2, 11.5.3, 11.6.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1, 11.5.4, 11.4.1 HF10, 10.2.4 HF13

Opened: Oct 13, 2015

Severity: 2-Critical

Related Article: K61834804


The signature configuration is not building up upon adding new signatures. This can look like a configuration change is not finishing, or if it does, it may result in crashes when the Enforcer starts up resulting in constant startups.


Configuration change doesn't finish or crashes in the ASM startup (which results in constant startups of the system).


Too many signatures are configured with custom signatures. The exact number varies (depending on the signature) but hundreds of signatures may be enough to trigger it.


Workarounds are possible only in a custom signature scenario, only using fewer signatures or by removing unused signatures.

Fix Information

Fixed a limitation in the attack signature engine.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips