Forum Discussion
Nishal_Rai
Cirrocumulus
CirrocumulusAny resource to learn the database key value of F5 BIG-IP ASM DoS protection
Hello Everyone, Greetings! There has been a lot of false positive regarding the behavioral and L7 DoS attacks on F5-protected services, and it has been a challenging task to point out the specifi...
for 16.1.4.1 here you can see the list of all the 2509 db variables
[root@F5-Design_Engg02:Active:Standalone] config # tmsh
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys db
Display all 2509 items? (y/n) y
Options:
all-properties one-line
non-default-properties |
Properties:
default-value value-range
scf-config {
value
Configuration Items:
acceleration.log.color merged.merge
Truncating the results due to 20k characters limit
arp.vlanpriority platform.diskmonitor.limitwarn.var
asm.asm_malicious_sources_monitoring_interval platform.diskmonitor.limitwarn.var_log
asm.brute_force_bypass_non_qualified_url platform.diskmonitor.limitwarn.var_loipc
asm.brute_force_end_attack_verification_time platform.diskmonitor.limitwarn.var_prompt
asm.brute_force_max_tmstat_entries platform.diskmonitor.limitwarn.var_tmstat
asm.brute_force_monitoring_interval platform.diskmonitor.limitwarn.vmdisk
asm.connlimit platform.diskmonitor.monitor._root_
asm.cookie_prefix platform.diskmonitor.monitor.appdata
asm.cookie_revision_base platform.diskmonitor.monitor.config
asm.cookie_suffix_base platform.diskmonitor.monitor.dev
asm.credential_stuffing_service platform.diskmonitor.monitor.dev_shm
asm.cs_challenge_length platform.diskmonitor.monitor.run
asm.cs_qualified_urls platform.diskmonitor.monitor.run_pamcache
asm.cshui_susp_event_bot_score platform.diskmonitor.monitor.shared
asm.csrf_rerun_interval platform.diskmonitor.monitor.shared_rrd.1.2
asm.fastl4_allow platform.diskmonitor.monitor.usr
asm.fictive_url platform.diskmonitor.monitor.var
asm.http_security_headers platform.diskmonitor.monitor.var_log
asm.ignore_bewaf platform.diskmonitor.monitor.var_loipc
asm.inject_apm_do_not_touch platform.diskmonitor.monitor.var_prompt
asm.inject_referrer_hook platform.diskmonitor.monitor.var_tmstat
asm.mobile_ua platform.diskmonitor.monitor.vmdisk
asm.restrict_asm_logs_access platform.diskmonitor.state
asm.risk_engine.salt.restart platform.diskmonitor.time
asm.session_transactions_sampling_rate platform.diskmonitor.time._root_
asm.strict_transport_policy platform.diskmonitor.time.appdata
asm.strip_asm_cookies platform.diskmonitor.time.config
asm.time_to_free_idle_umus_in_sec platform.diskmonitor.time.dev
asmconffailure.enabled platform.diskmonitor.time.dev_shm
asmconffailure.haaction.primary platform.diskmonitor.time.run
asmconffailure.haaction.secondary platform.diskmonitor.time.run_pamcache
auto.discover.flow.count platform.diskmonitor.time.shared
auto.discover.mvs.count platform.diskmonitor.time.shared_rrd.1.2
l4bdos.anomaly.detection.frequency tmm.pem.td.expected.num.conn
l4bdos.anomaly.threshold.floor tmm.pem.td.num.conn.wt
l4bdos.baseline.learning.period tmm.pem.td.sample.interval
l4bdos.collect.stats.frequency tmm.pem.td.tcpf.os.wt
l4bdos.dns.stress.compute.frequency tmm.pem.td.ttl.wt
l4bdos.ha.state.update.frequency tmm.pem.td.ua.os.wt
l4bdos.netflow.collect.frequency tmm.pkcs11d.invalidatekeyhandle
l4bdos.netflow.disable.selective.bins tmm.pkcs11d.loadkeyhandles
l4bdos.packet.sampling.interval tmm.pkcs11d.shmid
l4bdos.signature.disable.no_stats.periods tmm.policy.tracelevel
l4bdos.signature.sample.packet.frequency tmm.pop3.max_partial_connbytes
l4bdos.transient.signature.merge.periods tmm.pop3.max_partial_conncount
log.diameter.level tmm.websocket.deflate.memory.threshold
log.dosl7.acy.level tmm.websocket.inflate.max.ratio
log.dosl7.all.level tmm.wlite
log.dosl7.bot.level tmm.wlite.pinning
log.dosl7.challenge.level tmplugin.scheduler
log.dosl7.conf.level tmplugin.splitplanes.nice
log.dosl7.datasync.level tmrouted.gracefulrestartdelay
log.dosl7.main.level tmrouted.netlinkcmdidletimeout
log.dosl7.misc.level tmrouted.netlinklistenidletimeout
log.dosl7.mobile.level tmrouted.rhifailoverdelay
log.dosl7.tcl.level tmrouted.tmos.routing
log.dosprotect.level tmrouted.tmos.routing.status
I also use
list sys db all-properties one-line
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys db all-properties one-line
Display all 2509 items? (y/n) y
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list stsys db all-properties one-line
Display all 2509 items? (y/n) y
Truncating the results due to 20k characters limit
sys db asm.asm_malicious_sources_monitoring_interval { default-value "10" scf-config "true" value "10" value-range "unsigned integer min:1 max:1800" }
sys db asm.brute_force_bypass_non_qualified_url { default-value "false" scf-config "true" value "false" value-range "false true" }
sys db asm.brute_force_end_attack_verification_time { default-value "120" scf-config "true" value "120" value-range "unsigned integer min:1 max:1000" }
sys db asm.brute_force_max_tmstat_entries { default-value "10" scf-config "true" value "10" value-range "unsigned integer min:1 max:10000" }
sys db asm.brute_force_monitoring_interval { default-value "10" scf-config "true" value "10" value-range "unsigned integer min:1 max:60" }
sys db asm.connlimit { default-value "6000" scf-config "true" value "6000" value-range "integer min:0 max:4294967295" }
sys db asm.cookie_prefix { default-value "TS" scf-config "true" value "TS" value-range "string min-len:2 max-len:20" }
sys db asm.cookie_revision_base { default-value "0" scf-config "true" value "0" value-range "unsigned integer min:0 max:240" }
sys db asm.cookie_suffix_base { default-value "0" scf-config "true" value "0" value-range "unsigned integer min:0 max:900" }
sys db asm.credential_stuffing_service { default-value "enable" scf-config "true" value "enable" value-range "disable enable" }
sys db asm.cs_challenge_length { default-value "4" scf-config "true" value "4" value-range "unsigned integer min:1 max:7" }
sys db asm.cs_qualified_urls { default-value "," scf-config "true" value "," value-range "string" }
sys db asm.cshui_susp_event_bot_score { default-value "20" scf-config "true" value "20" value-range "unsigned integer min:0 max:10000000" }
sys db asm.csrf_rerun_interval { default-value "0" scf-config "true" value "0" value-range "unsigned integer min:0 max:10000" }
sys db asm.fastl4_allow { default-value "enable" scf-config "false" value "enable" value-range "disable enable" }
sys db asm.fictive_url { default-value "/TSbd/" scf-config "true" value "/TSbd/" value-range "string" }
sys db asm.http_security_headers { default-value "enable" scf-config "false" value "enable" value-range "disable enable" }
sys db asm.ignore_bewaf { default-value "false" scf-config "true" value "false" value-range "false true" }
sys db asm.inject_apm_do_not_touch { default-value "true" scf-config "true" value "true" value-range "false true" }
sys db asm.inject_referrer_hook { default-value "true" scf-config "true" value "true" value-range "false true" }
sys db asm.mobile_ua { default-value "," scf-config "true" value "," value-range "string" }
sys db asm.restrict_asm_logs_access { default-value "false" scf-config "true" value "false" value-range "false true" }
sys db asm.risk_engine.salt.restart { default-value "0" scf-config "true" value "0" value-range "unsigned integer min:0 max:2091752" }
---(less 9%)--- sys db asm.session_transactions_sampling_rate { default-value "10" scf-config "true" value "10" value-range "unsigned integer min:1 max:60" }
sys db asm.strict_transport_policy { default-value "disable" scf-config "false" value "disable" value-range "disable enable" }
sys db asm.strip_asm_cookies { default-value "true" scf-config "true" value "true" value-range "false true" }
sys db asm.time_to_free_idle_umus_in_sec { default-value "0" scf-config "true" value "0" value-range "unsigned integer min:0 max:1800" }
sys db asmconffailure.enabled { default-value "true" scf-config "true" value "true" value-range "false true" }
sys db asmconffailure.haaction.primary { default-value "restart_all" scf-config "true" value "restart_all" value-range "go_offline go_offline_downlinks no_action restart_all" }
sys db asmconffailure.haaction.secondary { default-value "go_offline" scf-config "true" value "go_offline" value-range "go_offline go_offline_downlinks no_action restart_all" }
sys db auto.discover.flow.count { default-value "3" scf-config "true" value "3" value-range "unsigned integer min:1 max:65530" }