Bug ID 900793: APM Brute Force Protection resources do not scale automatically

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 16.0.0, 16.0.0.1

Fixed In:
16.1.0, 16.0.1, 15.1.0.5, 15.0.1.4, 14.1.2.7, 13.1.3.5

Opened: Apr 17, 2020

Severity: 3-Major

Related Article: K32055534

Symptoms

Under certain conditions, resources for Brute Force Protection must be manually scaled by administrators to provide full protection.

Impact

Administrators must manually change the hash size upon need instead of relying on the automatic configuration.

Conditions

-- Many virtual server (hundreds) that have web application protection with brute force protection enabled. -- Numerous failed login requests coming to all virtual servers all the time.

Workaround

Set the internal parameter external_entity_hash_size to 0 to allow automatic recalculation of the correct value.

Fix Information

Brute Force Protection resources are now scaled automatically based on available system resources.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips