Last Modified: May 29, 2024
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 15.0.0, 15.0.1
Fixed In:
15.1.0, 15.0.1.1, 14.1.2.3, 14.0.1.1
Opened: Sep 04, 2019 Severity: 3-Major
Wildcard URLs has a flag (include_query_string) which indicates if the matching should include traffic URL's QS or not For example, if the traffic URL is '/path?a=b' and configured URL is '/path*b': 1. if include QS enabled, URL is matched 2. otherwise, no match (since matching against '/path' only) if there are no configured URLs with "Include Query String" enabled, matching may be wrong
URL is incorrectly matched (when it either shouldn't be matched at all or should match another configured URL). Features/signatures might not work as expected.
1. Wildcard URL configured in anti-fraud profile (URL name contains an asterisk) 2. None of the configured URLs has "Include Query String" enabled 3. Traffic URL contains a query-string
Configure at least one URL with "Include Query String" enabled
FPS should match query string correctly (according to configuration)