Bug ID 948241: Count Stateful anomalies based only on Device ID

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.1.0, 17.0.0.1, 16.1.3.1, 15.1.6.1, 14.1.5.1

Opened: Sep 24, 2020

Severity: 4-Minor

Symptoms

Currently when Device ID is enabled, the BIG-IP system counts stateful anomalies on both IP and Device ID. When a client has a proxy (without XFF), and many requests arrive with the same IP, this can cause false positives

Impact

False positives may occur in case of a proxy without XFF

Conditions

- Bot Defense profile is attached to a virtual server. - Bot Defense profile has "Browser Verification" set to "Verify After Access" or "Device ID Mode" set to "Generate After Access".

Workaround

None

Fix Information

Stateful anomalies are no longer counted on IP when Device ID is enabled

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips