Bug ID 1043205: SSRF Violation should be shown as a Parameter Entity Reference.

Last Modified: Dec 07, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:

Opened: Aug 27, 2021

Severity: 3-Major


SSRF Violation is shown as a URL Entity Reference instead of a Parameter Entity Reference.


Wrong Entity Reference in the SSRF violation is misleading.


- Create a URI data type parameter - Add a host to the SSRF Host List - Send traffic which contains the URI parameter with the value configured in the SSRF Host List



Fix Information

Corrected the Entity reference as a parameter instead of a URL in the SSRF violation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips