Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1
Fixed In:
14.1.0, 14.0.1.1, 13.1.0.8
Opened: May 09, 2018 Severity: 3-Major
Multipart/form-data requests are not supported in FPS. FPS-protected pages which have the enhanced data-manipulation feature enabled, may generate a false-positive 'missing strong integrity parameter' alert for multipart/form-data requests.
False-positive 'missing strong integrity parameter' alert.
-- FPS profile attached to a virtual server. -- Multipart/form-data requests to a URL. -- Enhanced data-manipulation feature enabled on a protected URL.
Use the ANTIFRAUD::disable_alert iRule command to drop the alert: (set the static::drop_alert variable, probably matching URL name and checking that Content-Type header starts with 'multipart/form-data') when ANTIFRAUD_ALERT { if {$static::drop_alert eq 1 && [ANTIFRAUD::alert_type] eq "vtoken" && [ANTIFRAUD::alert_component] eq "no_strong_integrity_param" } { ANTIFRAUD::disable_alert set static::drop_alert 0 } }
FPS no longer sends automatic-transaction alerts for unsupported requests, so multipart/form-data requests no longer generate false positive 'missing strong integrity parameter' alerts.