Bug ID 1316621: Custom headers and cookies are by default configured with base64 decoding enabled

Last Modified: May 14, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.5.0

Opened: Jul 05, 2023

Severity: 3-Major

Symptoms

When custom headers and cookies are created in ASM, the decode_value_as_base64 flag is enabled by default.

Impact

Decode_value_as_base64 flag is enabled by default.

Conditions

A custom header or cookie is created

Workaround

If base64 decoding is not required, then the flag decode_value_as_base64 has to be turned off manually after creating custom header/cookie

Fix Information

Whenever a custom header or cookie is created, the default value of decode_value_as_base64 flag will now be set to false

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips