Bug ID 1100393: Multiple Referer header raise false positive evasion violation

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
17.0.0, 17.0.0.1, 17.0.0.2

Opened: Apr 19, 2022
Severity: 3-Major

Symptoms

When Multiple Referer headers contains a backslash character ('\') in query string portion, 'IIS backslashes' evasion technique violation is raised.

Impact

False positive evasion technique violation is raised for Referer header.

Conditions

- 'Url Normalization' is turned on and 'Evasion Techniques Violations' is enabled. - Multiple Referer header contains a backslash character ('\') in query string part.

Workaround

In the HTTP Header Properties screen, turn off the 'Url Normalization' on the 'Normalization Settings' section of the 'referer' property.

Fix Information

None

Behavior Change