Bug ID 1701261

Bug Tracker
ID 1701261

Bug ID 1701261: OWASP screen with many ASM policies can cause the GUI to time out

Last Modified: Jan 17, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1

Opened: Oct 18, 2024

Severity: 3-Major

Symptoms

OWASP screen with many ASM policies can cause the GUI to display "Unable to contact BIG-IP device".

Impact

The GUI times out while trying to render the page.

Conditions

Over a hundred asm policies are configured

Workaround

The value mentioned here is a generic workaround. Depending on configuration size and system resources, you may need to set it to a higher value (please read step 3). 1. Adjust the browser-based Javascript status update interval and timeout. 1.1. Remount /usr partition as read-write using the command: mount -o remount,rw /usr 1.2. Edit the file /usr/local/www/xui/framework/scripts/variables.js, and modify the variables: time_updateXui to 8, and timeout_status to 60. Default values are: var time_updateXui = 5; // Seconds var timeout_status = 30; //Timeout value for XUI status update Change these values to: var time_updateXui = 30; // Seconds var timeout_status = 300; //Timeout value for XUI status update 1.3. Remount /usr partition back to read-only. mount -o remount,ro /usr 2. Restart associated daemons: bigstart restart httpd bigstart restart tomcat bigstart restart restjavad 3. If "Unable to contact BIG-IP device" still appears, open browser development tool and check how many ajax call to the endpoint mgmt/tm/asm/owasp/generate-score are completed and not completed when "Unable to contact BIG-IP device" appears. For example, you have 100 asm policies so you see 100 of such AJAX calls. When your GUI is timed out, you see 90 calls completed and 10 are not. Then you can try slightly increased value to timeout_status, such as 360 seconds, instead of 300 seconds. If still 40 calls are not completed, try 600 seconds. In addition, if rest api is slow due to low memory, adjust and increase provisioned memory for host and restjaved using following sys db keys. Values to specify depend on platform, existing provisioned modules, and system usage. sys db provision.extramb sys db provision.restjavad.extramb

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips