Bug ID 917833: When 'dos.wl_match_mode_include' is set to true, must be specified in the address field.

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2

Opened: Jun 15, 2020
Severity: 3-Major


Adding a whitelist entry, or enabling the 'dos.wl_match_mode_include' variable, fails if a whitelist entry exists with a blank value for the address field. This occurs is because a blank address field in a whitelist entry includes all IPv4 and all IPv6 addresses, but the db variable being set to 'true' is supported only for matching IPv4 addresses.


The whitelist configuration fails. This is working as designed. The system might report messages: -- 'transaction failed:"" Invalid address format'. This message indicates that "" (blank, which is how it processes the default value of ::(::/0 IPv6)) is not a valid format. -- 'transaction failed:01071dc5:3: Extended white list entries may not contain IPv6 addresses when db variable dos.wl_match_mode_include is set to true'. This message explains that IPv6 addresses are not supported by the 'dos.wl_match_mode_include' db variable.


-- Enabling the 'dos.wl_match_mode_include' variable. -- Whitelist entry exists with a blank value for the address field.


To match on all supported IP addresses, manually specify all IPv4 addresses in the field using ''.

Fix Information


Behavior Change