Bug ID 1013813: Advanced WAF GraphQL support

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
16.1.0

Opened: Apr 22, 2021

Severity: 3-Major

Symptoms

GraphQL queries payload causes lots of false positive signautres.

Impact

Lots of false positives.

Conditions

GraphQL payload arriving to ASM.

Workaround

N/A

Fix Information

BIG-IP Advanced WAF now supports GraphQL. GraphQL queries are parsed and signatures are applied on the relevant parts of the query, and Advanced WAF can perform introspection mitigation, syntax enforcement, max query depth and additional settings mitigations.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips