Bug ID 608826: Greylist (bad actors list) is not cleaned when attack ends

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2

Opened: Aug 03, 2016
Severity: 4-Minor

Symptoms

When attack ends the greylist (detected bad actors) remains till the timeout expiration.

Impact

If new attack will start sooner than greylist expiration time, greylist member will be mitigated even if they are not related to the current attack.

Conditions

Detected bad actors and attack end.

Workaround

It it's necessary it's possible to clear greylist manually using ipidr utility.

Fix Information

Clear the greylist upon attack end.

Behavior Change