Bug ID 746875: When the rate-limit setting is configured to a low value, sampled attack log messages are not logged

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4

Fixed In:
15.0.0

Opened: Oct 15, 2018
Severity: 3-Major

Symptoms

On hardware platforms, with the default-internal-rate-limit of a DoS vector being set to a low number, there is no sampled attack message in the log, even the attack is being detected.

Impact

No visibility of the attack after being detected.

Conditions

-- Setting the default-internal-rate-limit of the targeted DoS vector to a low number, e.g., 2. -- Detect attack.

Workaround

Use a higher number for the default-internal-rate-limit of the targeted DoS vector.

Fix Information

A low default-internal-rate-limit value does not create problem. The sampled attack log message is being shown.

Behavior Change