Bug ID 605690: tmsh "ip-whitelist" field DOS application is deprecated

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
13.0.0

Opened: Jul 19, 2016

Severity: 4-Minor

Symptoms

The tmsh "ip-whitelist" field of the DOS application profile is deprecated in 13.x, but is still included for backward compatibility. Since 13.x, it is not recommended to use the following tmsh command to add or modify white IP addresses for DOS application profiles. To configure the whitelist, use a generic global IP addresses list object.

*NOT recommended usage*

modify security dos profile dos application modify { all { ip-whitelist add { 8.8.8.8 } } }

*Recommended usage*

create security shared-objects address-list dos_auto_http_white_ips_list addresses add { 8.8.8.8 }
modify security dos profile dos http-whitelist dos_auto_http_white_ips_list

Impact

When the deprecated commands are used to configure a white IP address list for the DOS application profile, a warning is displayed, but the white IP address is still added to the profile automatically via a generic global IPs list object. The list is auto-generated using the following name: dos_auto_http_white_ips_list.

Conditions

ASM or purpose-built DoS is provisioned, and a white IP address needs to be configured on the DOS application profile.

Workaround

Use the following commands:

create security shared-objects address-list dos_auto_http_white_ips_list addresses add { 8.8.8.8 }
modify security dos profile dos http-whitelist dos_auto_http_white_ips_list
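
The following is an added example, not F5 code and not part of the original bug entry: a small audit helper that finds the deprecated "ip-whitelist" command form in an automation script and emits the two recommended commands shown above. It assumes the word after "profile" is the profile name and that several addresses may be space-separated inside add { }; the names convert and audit, and the sample script, are hypothetical.

```python
import re

# Deprecated form shown on this page:
#   modify security dos profile <profile> application modify
#       { all { ip-whitelist add { <addrs> } } }
DEPRECATED = re.compile(
    r"modify\s+security\s+dos\s+profile\s+(?P<profile>\S+)\s+application\s+modify\s*"
    r"\{\s*all\s*\{\s*ip-whitelist\s+add\s*\{\s*(?P<addrs>[^{}]*?)\s*\}\s*\}\s*\}"
)

# Name the page says is auto-generated; used here as the default list name.
DEFAULT_LIST = "dos_auto_http_white_ips_list"


def convert(line, list_name=DEFAULT_LIST):
    """Return the recommended commands for one deprecated command, or None."""
    m = DEPRECATED.search(line)
    if m is None:
        return None
    addrs = m.group("addrs").split()  # assumption: space-separated addresses
    if not addrs:
        return None
    return [
        f"create security shared-objects address-list {list_name} "
        f"addresses add {{ {' '.join(addrs)} }}",
        f"modify security dos profile {m.group('profile')} http-whitelist {list_name}",
    ]


def audit(script_text, list_name=DEFAULT_LIST):
    """Return (line_number, deprecated_line, replacement_commands) per finding."""
    findings = []
    for n, raw in enumerate(script_text.splitlines(), start=1):
        repl = convert(raw, list_name)
        if repl is not None:
            findings.append((n, raw.strip(), repl))
    return findings


# Constructed sample automation script (not from a real system).
SAMPLE = """\
# provisioning script (constructed)
tmsh modify security dos profile dos application modify { all { ip-whitelist add { 8.8.8.8 } } }
tmsh modify security dos profile dos http-whitelist dos_auto_http_white_ips_list
"""

if __name__ == "__main__":
    for n, old, new in audit(SAMPLE):
        print(f"line {n}: deprecated ip-whitelist usage, replace with:")
        for cmd in new:
            print("   " + cmd)
```
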

Fix Information

This version provides an option to configure a white IP address on the DOS application profile using the deprecated "ip-whitelist" field. The command works: it creates a generic IP addresses list automatically and attaches the list to the DOS profile.

Behavior Change

When the deprecated commands are used to configure a white IP address list for the DOS application profile, a warning is displayed, but the white IP address is still added to the profile automatically via a generic global IPs list object. The list is auto-generated using the following name: dos_auto_http_white_ips_list.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips