Bug ID 687986: High CPU consumption during signature generation, not limited number of signatures per virtual server

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM, ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1

Fixed In:
13.1.0.2

Opened: Oct 10, 2017
Severity: 3-Major

Symptoms

The number of the signatures per virtual server is not limited. This can result in a very large number of generated signatures during sophisticated attacks that use changing patterns. After a time, when a system experiences a number of attacks, the list of generated signatures can be too long.

Impact

High CPU utilization when mitigating. Overloaded GUI signatures screen.

Conditions

-- Sophisticated attacks that use changing patterns. -- System experiences a large number of attacks.

Workaround

Manually remove old / not-often-used signatures.

Fix Information

The system now limits the number of signatures per virtual servers, and optimizes per-signatures operation.

Behavior Change