Last Modified: May 01, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2
Opened: Apr 28, 2025
Severity: 4-Minor
Symptoms:
A disallowed configuration is accepted. A subsequent full configuration load fails and the unit remains offline.
Impact:
The configuration load fails and the unit remains offline.
Conditions:
- A user-defined bot is configured under bot-signature, and the bot is configured for mitigation exception.
- The bot category of the bot is then updated, and the new category is one of the categories under the Unknown/Browser/Mobile Application class.

After the above operations are performed, a subsequent full config load fails.
Workaround:
- Do not perform the operation described in the Conditions section.
- If it has been performed but your unit is still online, use the GUI or TMSH to revert the change of bot category.
- If it has been performed, the config load has failed and the unit is in an offline state, manually revert the change of bot category as shown below.

Example: MyBot was configured in mitigation exception. The bot category of MyBot was updated to "Mobile App without SDK", which should not be accepted but was accepted due to this bug.

Manually modify /config/bigip.conf.

Before manual modification:

    security bot-defense signature /Common/MyBot {
        category "/Common/Mobile App without SDK"
        risk na
        user-agent {
            search-string MyBot
        }
    }

After manual modification:

    security bot-defense signature /Common/MyBot {
        category "/Common/Search Bot"
        risk na
        user-agent {
            search-string MyBot
        }
    }

Save the change, then run:

    # bigstart restart

If this does not reflect the manual modification, perform a forced mcpd reload:

    # rm -f /var/db/mcpdb.* ; touch /service/mcpd/forceload
    # bigstart restart
Fix Information:
None
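To find the stanza that needs the manual revert described in the workaround, the following added example (not F5 code and not part of the original bug record) parses `security bot-defense signature` stanzas in the format shown above and reports those whose category is on a disallowed list. The function names, the sample text and the contents of `DISALLOWED` are assumptions; it does not check mitigation-exception membership, because that syntax is not shown on this page.

```python
import re

# Assumption: only this category is named on the page as wrongly accepted.
# Extend the set with the other Unknown/Browser/Mobile Application class
# categories that exist on your own system.
DISALLOWED = {"/Common/Mobile App without SDK"}

HEADER = re.compile(r'^security bot-defense signature (\S+) \{\s*$')
CATEGORY = re.compile(r'^\s*category\s+(?:"([^"]+)"|(\S+))\s*$')

def signature_categories(conf_text):
    """Return {signature_name: category} for each bot-defense signature stanza."""
    found, name, depth = {}, None, 0
    for line in conf_text.splitlines():
        if name is None:
            m = HEADER.match(line)
            if m:
                name, depth = m.group(1), 1
                found[name] = None
            continue
        m = CATEGORY.match(line)
        if m and depth == 1:  # only the stanza's own top-level category key
            found[name] = m.group(1) or m.group(2)
        # Simple brace tracking; assumes values do not contain braces.
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            name = None
    return found

def flag_disallowed(conf_text, disallowed=DISALLOWED):
    """Return sorted signature names whose category is in the disallowed set."""
    cats = signature_categories(conf_text)
    return sorted(n for n, c in cats.items() if c in disallowed)

# Constructed sample in the stanza format shown in the workaround.
SAMPLE = '''\
security bot-defense signature /Common/MyBot {
    category "/Common/Mobile App without SDK"
    risk na
    user-agent {
        search-string MyBot
    }
}
security bot-defense signature /Common/OtherBot {
    category "/Common/Search Bot"
    risk na
}
'''

if __name__ == "__main__":
    print(flag_disallowed(SAMPLE))
```

On a unit, pass the contents of /config/bigip.conf to `flag_disallowed` instead of `SAMPLE`, then revert the category of each reported signature as described in the workaround.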