Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
13.0.0
Opened: Mar 09, 2016 Severity: 3-Major Related Article:
K32015290
Only IP addresses included in the default DoS profile whitelist are treated as whitelisted. Transactions associated with a non-default DoS profile are put through DoS checks, even when their IP addresses are included in the non-default DoS profile's whitelist.
IP addresses configured to be blocked or allowed may be processed differently than expected.
When configuring a DoS profile that is not used as the default profile, but rather is dynamically attached to certain transactions (via iRule or CPM), the IP addresses included in this DoS profile's whitelist are ignored and the IP addresses included in the default DoS profile's whitelist are implemented as whitelisted.
None.
When a transaction is dynamically attached to a non-default DoS profile, the IP addresses defined in the selected profile's whitelist are correctly allowed or blocked, as expected.