Hannes_Rapp
Sep 15, 2016Nimbostratus
IP Whitelist in DOS Profile
Hello dears,
I'm observing a behavior where a whitelisted IP address (DOS profile) is being rate limited.
Version: 11.5.3 BigIP ASM
Have also tested in v12.1.1 and the outcome is the same. Only after configuring the IP in a second whitelist (ASM profile), the mitigation stops. Why does the IP whitelist in DOS profile exist if this setting alone does not stop the mitigation?
Configuration:
Security ›› DoS Protection : DoS Profiles ›› DoS Profile Properties
- IP Address whitelist (Single /32 IP included)
- Source IP-Based Client Side Integrity Defense (CHECK)
- Source IP-Based Rate Limiting (CHECK)
- All other options (NO CHECK)
Event logs:
2016-09-15 14:36:01 Attack started DOS L7 attack Source IP-Based Client Side Integrity Defense x.x.x.x 5 tps 59198038
Reporting:
Dropped requests: 18