Bug ID 1021637: In some cases BD enforces CSRF on all URLs, ignoring CSRF URLs

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 17.0.0, 17.0.0.1, 17.0.0.2

Fixed In:
17.1.0, 16.1.2.2, 15.1.6.1

Opened: May 26, 2021

Severity: 4-Minor

Symptoms

CSRF is sometimes enforced on URLs that do not match the CSRF URLs list

Impact

URLs that do not match the CSRF URLs list can be blocked due to CSRF violation.

Conditions

ASM policy with CSRF settings

Workaround

None

Fix Information

N/A

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips