Last Modified: Dec 18, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6
Opened: Jul 28, 2021 Severity: 3-Major
Chrome ignores cross-site bot-defense cookies when bot-defense is sending 307 redirect.
The other site/domain resource will not display correctly on Chrome
A site is using another site/domain resources that are also protected by bot-defense
iRule work-around based on:https://devcentral.f5.com/s/articles/iRule-to-set-SameSite-for-compatible-clients-and-remove-it-for-incompatible-clients-LTM-ASM-APM. Or, disabling simple redicret via TMSH: tmsh modify sys db dosl7.proactive_defense_simple_redirect { value "disable" } tmsh modify sys db dosl7.proactive_defense_simple_redirect_on_grace { value "disable" }
None