Bug ID 917833: When 'dos.wl_match_mode_include' is set to true, 0.0.0.0 must be specified in the address field.

Last Modified: Jul 29, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 16.0.0

Opened: Jun 15, 2020
Severity: 3-Major

Symptoms

Adding a whitelist entry, or enabling the 'dos.wl_match_mode_include' variable, fails if a whitelist entry exists with a blank value for the address field. This occurs is because a blank address field in a whitelist entry includes all IPv4 and all IPv6 addresses, but the db variable being set to 'true' is supported only for matching IPv4 addresses.

Impact

The whitelist configuration fails. This is working as designed. The system might report messages: -- 'transaction failed:"" Invalid address format'. This message indicates that "" (blank, which is how it processes the default value of ::(::/0 IPv6)) is not a valid format. -- 'transaction failed:01071dc5:3: Extended white list entries may not contain IPv6 addresses when db variable dos.wl_match_mode_include is set to true'. This message explains that IPv6 addresses are not supported by the 'dos.wl_match_mode_include' db variable.

Conditions

-- Enabling the 'dos.wl_match_mode_include' variable. -- Whitelist entry exists with a blank value for the address field.

Workaround

To match on all supported IP addresses, manually specify all IPv4 addresses in the field using '0.0.0.0'.

Fix Information

None

Behavior Change