Bug ID 1021637: In some cases BD enforces CSRF on all URLs, ignoring CSRF URLs

Last Modified: Sep 23, 2021

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0

Opened: May 26, 2021
Severity: 4-Minor

Symptoms

CSRF protection is sometimes enforced on URLs that do not match the CSRF URLs list.

Impact

Requests to URLs that do not match the CSRF URLs list can be blocked due to a CSRF violation.

Conditions

An ASM policy with CSRF settings.

Workaround

None

Fix Information

None

Behavior Change