For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

amolari's avatar
amolari
Icon for Cirrostratus rankCirrostratus
Jun 24, 2015

iControlREST: issue with security DOS path

I see, when doing

curl -k -u https:///mgmt/tm/security/dos/device-config

 

{
    "items": [
        {
            "dosDeviceVector": [
                {
                    "defaultInternalRateLimit": "100000",
                    "detectionThresholdPercent": "500",
                    "detectionThresholdPps": "10000",
                    "name": "arp-flood"
                },

 

when doing

 

curl -k -u  https://localhost/mgmt/tm/security/dos/device-config/stats
{
    "entries": {
        "https://localhost/mgmt/tm/security/dos/device-config/ARP%20flood/stats": {
            "nestedStats": {
                "entries": {
                    "common.attackCount": {
                        "value": 0
                    },

 

Note: "arp-flood" is now "ARP flood"

Then calling

 

curl -k -u  https://localhost/mgmt/tm/security/dos/device-config/ARP%20flood/stats

 

I get

 

{
    "code": 404,
    "errorStack": [],
    "message": "01020036:3: The requested DoS Device configuration (/Common/ARP) was not found."
}

 

advanced firewall manager
design
devops
iControlREST

2 Replies

  • amolari's avatar
    amolari
    Icon for Cirrostratus rankCirrostratus
    Aug 13, 2015

    after opening a case, it resulted in a bug opening:

    ID 534472 : iControl REST interface's mishandling of spaces in DoS stat names

    targeted to be fixed in a future 11.6.0 hotfix rollup