Bug ID 687986: High CPU consumption during signature generation, not limited number of signatures per virtual server

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP AFM, ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1

Fixed In:
13.1.0.2

Opened: Oct 10, 2017

Severity: 3-Major

Symptoms

The number of the signatures per virtual server is not limited. This can result in a very large number of generated signatures during sophisticated attacks that use changing patterns. After a time, when a system experiences a number of attacks, the list of generated signatures can be too long.

Impact

High CPU utilization when mitigating. Overloaded GUI signatures screen.

Conditions

-- Sophisticated attacks that use changing patterns. -- System experiences a large number of attacks.

Workaround

Manually remove old / not-often-used signatures.

Fix Information

The system now limits the number of signatures per virtual servers, and optimizes per-signatures operation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks