Last Modified: May 14, 2025
Affected Product(s):
BIG-IP ASM
Fixed In:
17.5.0
Opened: Jul 05, 2023 Severity: 3-Major
When custom headers and cookies are created in ASM, the decode_value_as_base64 flag is enabled by default.
Decode_value_as_base64 flag is enabled by default.
A custom header or cookie is created
If base64 decoding is not required, then the flag decode_value_as_base64 has to be turned off manually after creating custom header/cookie
Whenever a custom header or cookie is created, the default value of decode_value_as_base64 flag will now be set to false