Last Modified: Jan 20, 2023
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
17.0.0, 17.0.0.1, 17.0.0.2
Opened: Apr 19, 2022
Severity: 3-Major
When Multiple Referer headers contains a backslash character ('\') in query string portion, 'IIS backslashes' evasion technique violation is raised.
False positive evasion technique violation is raised for Referer header.
- 'Url Normalization' is turned on and 'Evasion Techniques Violations' is enabled. - Multiple Referer header contains a backslash character ('\') in query string part.
In the HTTP Header Properties screen, turn off the 'Url Normalization' on the 'Normalization Settings' section of the 'referer' property.
None