Bug ID 743464: DoSL7 attack is not detected when using multiple profiles with Behavioral Detection

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Sep 10, 2018

Severity: 3-Major


Setting up multiple DoS Application Profiles on the same Virtual Server via either iRules or LTM Policies causes DoSL7 attacks to not be detected or mitigated, if one of the profiles has Behavioral Detection enabled.


DoSL7 attacks are not detected and not mitigated, with no indication that they are not.


-- Multiple DoS profiles are configured on a single Virtual Server, either using the iRule DOSL7::enable command, or LTM Policies controlling the DoS profile. -- One of the DoS profiles on the Virtual Server has Behavioral Detection enabled, even if the Stress-Based Operation Mode is set to Off.


Disable Behavioral Detection on all of the DoS profiles that are directly or indirectly associated with the Virtual Server. If Stress-Based Operation Mode is set to Off, then you might need to temporarily set Stress-Based to Transparent, disable the Behavioral checkboxes, and then set Stress-Based Operation mode back to Off.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips