Bug ID 691945: Security Policy Configuration Changes When Disabling Learning

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
14.0.0, 13.1.1.5, 12.1.4.1

Opened: Nov 01, 2017

Severity: 3-Major

Symptoms

When Learning is enabled in either manual or automatic mode and is then disabled, the system treats this as the end of the learning process and automatically makes changes to the default wildcard entities ("*" URL, Parameter, Filetype), such as removing the element from staging. The user is not notified of these changes, and they may not be expected, leading to undesired security enforcement.

Impact

Unexpected changes to the default wildcard elements in the policy can lead to undesired security enforcement.

Conditions

-- Learning is enabled in Manual or Automatic mode.
-- Learning is then disabled.

Workaround

The audit log shows all changes that were made to the policy, and undesired changes can be remedied before the policy changes are applied.

Fix Information

No changes are made to the default wildcard entities upon disabling of learning.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips