Bug ID 1003765: Authorization header signature triggered even when explicitly disabled

Last Modified: Sep 29, 2022

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2

Fixed In:
15.1.4.1

Opened: Mar 18, 2021
Severity: 4-Minor

Symptoms

Requests that include a base64-encoded Authorization header might result in a blocking page even though the specific signature that matched is disabled.

Impact

A signature violation is detected, even though the signature is disabled.

Conditions

A base64-encoded Authorization header is included in the request.

Workaround

None

Fix Information

A violation is no longer reported for disabled signatures.

Behavior Change