Bug ID 868641: Possible TMM crash when disabling bot profile for the entire connection

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5

Fixed In:
16.0.0, 15.1.1, 14.1.2.7

Opened: Jan 12, 2020

Severity: 2-Critical

Symptoms

When an iRule is used to disable the bot profile, and the profile becomes disabled (for the entire connection) during a CAPTCHA challenge, TMM will crash.

Impact

Traffic disrupted while tmm restarts.

Conditions

-- A Bot Defense profile is attached to the virtual server, with a CAPTCHA mitigation.
-- An iRule that disables the bot profile is attached to the virtual server.
-- A request is sent that is answered with a CAPTCHA; then, in the same connection, a request is sent that disables the bot profile; and then the CAPTCHA is answered.

Workaround

When using an iRule to disable the bot defense profile on certain conditions, add an "else" clause that re-enables the profile. Note that all ::disable iRule commands are effective for the entire connection, not just the transaction.
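
The workaround as an iRule sketch. This is an added example, not code from F5's bug report; it assumes the BOTDEFENSE::disable and BOTDEFENSE::enable iRule commands and a hypothetical exempt path, /healthcheck.

```tcl
# Added example. /healthcheck is a hypothetical path chosen for illustration.

# Before (shown commented out): the profile is disabled on one condition and
# never re-enabled. The disable applies to the whole connection, so later
# requests on the same connection, including the answer to an outstanding
# CAPTCHA, arrive with the profile disabled.
#
# when HTTP_REQUEST {
#     if { [HTTP::path] eq "/healthcheck" } {
#         BOTDEFENSE::disable
#     }
# }

# After: every request makes an explicit decision, so a disable issued for an
# earlier request does not carry over to the rest of the connection.
when HTTP_REQUEST {
    if { [HTTP::path] eq "/healthcheck" } {
        BOTDEFENSE::disable
    } else {
        BOTDEFENSE::enable
    }
}
```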

Fix Information

TMM no longer crashes when disabling bot defense profile for the entire connection.

Behavior Change
