Last Modified: Dec 31, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.1.1.3, 17.1.1.4, 17.1.2
Opened: Oct 04, 2024 Severity: 4-Minor
%BOTDEFENSE.support_id% may include leading white space(s)
Leading white space(s). Using the default response page, there will be no issue because of the leading white space(s). If you are using custom response page and you are constructing a string that does not expect white space in middle of it, this causes unexpected string outcome. e.g : you are constructing an URL, it could include white space(s) after 'BOT-' that can be a problem. https://test/BOT-%BOTDEFENSE.support_id%
Using %BOTDEFENSE.support_id% command
You can remove white space(s) using javascript === <html><head><title>Request Rejected</title></head><body> The requested URL was rejected. <br> Please find its details at this URL: <br> <dev id="support_url"></div> <script> window.addEventListener('load',function(){ document.getElementById('support_url').textContent = 'https://test/BOT-%BOTDEFENSE.support_id%'.replace(/ +/g, ''); }) </script> </body></html> ===
None