Bug ID 1100393: Multiple Referer header raise false positive evasion violation

Last Modified: Mar 30, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:
17.1.0, 16.1.4

Opened: Apr 19, 2022

Severity: 3-Major


When Multiple Referer headers contains a backslash character ('\') in query string portion, 'IIS backslashes' evasion technique violation is raised.


False positive evasion technique violation is raised for Referer header.


- 'Url Normalization' is turned on and 'Evasion Techniques Violations' is enabled. - Multiple Referer header contains a backslash character ('\') in query string part.


In the HTTP Header Properties screen, turn off the 'Url Normalization' on the 'Normalization Settings' section of the 'referer' property.

Fix Information

Fixed Multiple Referer header handling before URL Normalization.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips