Bug ID 746875: When the rate-limit setting is configured to a low value, sampled attack log messages are not logged

Last Modified: Jul 03, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6

Fixed In:
15.0.0

Opened: Oct 15, 2018
Severity: 3-Major

Symptoms

On hardware platforms, with the default-internal-rate-limit of a DoS vector being set to a low number, there is no sampled attack message in the log, even the attack is being detected.

Impact

No visibility of the attack after being detected.

Conditions

-- Setting the default-internal-rate-limit of the targeted DoS vector to a low number, e.g., 2. -- Detect attack.

Workaround

Use a higher number for the default-internal-rate-limit of the targeted DoS vector.

Fix Information

A low default-internal-rate-limit value does not create problem. The sampled attack log message is being shown.

Behavior Change