Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4
Fixed In:
14.0.0, 13.1.0.5
Opened: Dec 14, 2016
Severity: 3-Major
The Datasync Background Tasks run daily for several hours and consume CPU. This is expected and required to generate dynamic versions of obfuscated JavaScript. However, the tasks run even if no features that require JavaScript are enabled.
Daily CPU usage spikes lasting several hours, even if there are no features requiring JavaScript.
ASM is provisioned.
If there are no features requiring JavaScript, the following command limits generation to a single version of obfuscated JavaScript, so that the CPU spike stays short and occurs only once daily:

tmsh modify security datasync local-profile cs-asm-dosl7 max-gen-rows 1

Important: It is not recommended to keep this configuration if any of the JavaScript features are enabled in either the ASM Policy or the DoS profile, because it will significantly reduce the JavaScript security.

To re-enable full JavaScript obfuscation, run this command:

tmsh modify security datasync local-profile cs-asm-dosl7 max-gen-rows infinite

The log /var/log/datasync/datasyncd.log can be used to monitor the Background Tasks.
The Datasync Background Tasks are now running only if there are features requiring JavaScript.