Bug ID 1147545: AP cookie might be missing for first request when AP profile is being used with ASM policy

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1

Opened: Sep 07, 2022

Severity: 3-Major

Symptoms

AP cookie might not be added from the client browser for the initial request towards virtual server when ASM policy is being used.

Impact

Very first client request towards AP endpoint might get blocked due to missing AP cookie.

Conditions

1. ASM policy is configured. 2. AP and AI profile is created with a Protected Endpoint that has Enforcement Mode configured to Mitigate. 3. The Mitigate Missing Cookie field is enabled on the protected endpoint. 4. AP and AI profile is attached to virtual server.

Workaround

Disable 'Mitigate Missing Cookie' for the particular endpoint.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips