Bug ID 922597: BADOS default sensitivity of 50 creates false positive attack on some sites

Last Modified: Oct 19, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 16.0.0, 16.0.0.1

Opened: Jul 01, 2020
Severity: 3-Major

Symptoms

False DoS attack detected. Behavioral DoS (ASM) might block legitimate traffic.

Impact

False DoS attack detected. Behavioral DoS (ASM) can block legitimate traffic.

Conditions

This can occur for some requests that have high latency and low TPS.

Workaround

Modify the default sensitivity value from 50 to 500: tmsh modify sys db adm.health.sensitivity value 500 For some sites with server latency issues, you might also have to increase the health.sensitivity value; 1000 is a reasonable number. The results is that the attack is declared later than for the default value, but it is declared and the site is protected.

Fix Information

None

Behavior Change