Last Modified: May 09, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1
Opened: Mar 24, 2023 Severity: 3-Major
Illegal URL violation is triggered for Allowed URL(s).
Requests get blocked with an 'Illegal URL' violation despite the it being defined as an Allowed URL because the URL object's Content-Profile reference does not get inserted and is missing in the MySQL database post-upgrade.
The conditions that trigger this issue post-upgrade are unknown at this time and the occurrence is rare.
- Delete the problematic URL within the 'Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs' section in Configuration Utility. - Re-create the URL again. - Save the changes with the 'Apply Policy' task.
None