Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6
Fixed In:
15.0.0, 13.1.1.4
Opened: Nov 05, 2018 Severity: 3-Major
The Bot Detection feature / Bot Defense profile includes JavaScript which is injected within <APM_DO_NOT_TOUCH> tags. Some web applications may be displayed incorrectly due to these tags.
Some web applications may be displayed incorrectly.
- Your application includes JavaScript which dynamically adds HTML elements and expects a certain set of tags in the <head> section of the HTML. - Bot Detection / Bot Defense are enabled.
None
There is now an ASM Internal Parameter 'inject_apm_do_not_touch' and a db variable 'asm.inject_apm_do_not_touch', which can be disabled (modify sys db asm.inject_apm_do_not_touch value false) to prevent the <APM_DO_NOT_TOUCH> tag from being injected, thus allowing the application to be displayed correctly.
This release provides an ASM Internal Parameter 'inject_apm_do_not_touch', and a db variable 'asm.inject_apm_do_not_touch', which can be disabled (the default is enabled) to prevent the <APM_DO_NOT_TOUCH> tag from being injected, thus allowing the application to be displayed correctly. To disable db variable, run the following command: modify sys db asm.inject_apm_do_not_touch value false