Bug ID 957965: Request is blocked by 'CSRF attack detected' violation with 'CSRF token absent'

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0, 15.1.4

Opened: Oct 21, 2020

Severity: 2-Critical

Symptoms

Request is blocked by 'CSRF attack detected' violation.

Impact

False positive request blocking occurs.

Conditions

- ASM provisioned - ASM policy attached to a virtual server - CSRF protection enabled in an ASM policy

Workaround

Disable 'CSRF attack detected' violation in the ASM policy.

Fix Information

'CSRF attack detected' now works as expected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips