Bug ID 1043205: SSRF Violation should be shown as a Parameter Entity Reference.

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 17.0.0,,

Fixed In:

Opened: Aug 27, 2021
Severity: 3-Major


SSRF Violation is shown as a URL Entity Reference instead of a Parameter Entity Reference.


Wrong Entity Reference in the SSRF violation is misleading.


- Create a URI data type parameter - Add a host to the SSRF Host List - Send traffic which contains the URI parameter with the value configured in the SSRF Host List



Fix Information

Corrected the Entity reference as a parameter instead of a URL in the SSRF violation.

Behavior Change