Bug ID 1167649: Valid requests are blocked by attack signatures on authorization header

Last Modified: Apr 11, 2024

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Oct 06, 2022

Severity: 3-Major

Symptoms

When a Bearer Authorization header carrying a JWT is used, valid requests are blocked because of a false positive attack signature match.

Impact

A false positive attack signature match can occur on the signature part of the JWT, because that part is binary data.

Conditions

Bearer authorization with a JWT is used.

Workaround

Disable the specific attack signatures that are being detected on the affected requests.

Fix Information

The attack signature check is no longer performed on the signature part of the JWT, which contains binary data.
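
The following is an added illustration, not F5 code and not part of the original bug record. It shows why the signature segment of a valid JWT can trip a byte-pattern rule and how skipping that segment removes the false positive. The pattern `<%`, the key, the claims, and the function names are all constructed for the example, and it assumes the scanner inspects the base64url-decoded bytes of each segment.

```python
import base64, hashlib, hmac, json, re

# Hypothetical attack signature (constructed): a server-side tag opener.
SIGNATURE = re.compile(rb"<%")
KEY = b"constructed-demo-key"  # constructed sample HMAC key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_jwt(claims: dict) -> str:
    """Build a valid HS256 token; the third segment is a raw 32-byte MAC."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps(claims).encode())
    mac = hmac.new(KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(mac)}"

def scan(authorization: str, skip_signature: bool) -> list:
    """Return the names of JWT parts whose decoded bytes match SIGNATURE."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return []  # other header forms are out of scope for this sketch
    parts = dict(zip(("header", "payload", "signature"), token.split(".")))
    if skip_signature:
        del parts["signature"]  # behaviour described under Fix Information
    return [n for n, seg in parts.items() if SIGNATURE.search(b64u_decode(seg))]

def find_false_positive(limit: int = 200_000):
    """Issue valid tokens until one MAC happens to contain the pattern."""
    for jti in range(limit):
        value = "Bearer " + make_jwt({"sub": "alice", "jti": jti})
        if scan(value, skip_signature=False):
            return value
    return None

if __name__ == "__main__":
    value = find_false_positive()
    print("scan all parts:      ", scan(value, skip_signature=False))
    print("scan, skip signature:", scan(value, skip_signature=True))
```

Because MAC bytes are effectively uniform, any short byte pattern will eventually appear in some legitimate token, which is why the workaround of disabling individual signatures only addresses the patterns already observed.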

Behavior Change
