Last Modified: Nov 07, 2022
See more info
BIG-IP AFM, ASM
Known Affected Versions:
13.1.0, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 13.1.1, 14.0.0, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11
14.1.0, 18.104.22.168, 22.214.171.124
Opened: May 17, 2018
There is probability that the generated signatures will block unknown traffic (the traffic that was not presenting before the attack) even if it's not necessary from service health perspective
The signatures may block unknown traffic even if it's not necessary from S/H perspective
Run attack traffic. In parallel run unknown traffic. It should exceed the learned baseline together with the good traffic.
There is no workaround at this time.
Implement adaptive ratio threshold for covering current bad traffic samples. The ratio increases as long as the health is not good. If the health returns to good levels (below one) the ratio is restarted to the initial value.