Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.2.0, 11.2.1, 11.3.0, 11.4.0
Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF8, 11.2.1 HF8
Opened: Jun 23, 2013 Severity: 3-Major Related Article:
K93749159
CS Challenge from Web Scraping is impacting the customer's website causing the browser to display a blank page.
CS Challenge from Web Scraping is impacting the customer's website causing the browser to display a blank page.
Configure ASM policy with client side challenge for brute force and the different web scraping features.
This issue has no workaround at this time.
We added the following internal parameters that you can add to headers and URLs in order to avoid requests receiving a client side challenge: cs_excluded_headers - Contains one or more headers, separated by a comma [,]. When one of these headers is presented in the transaction, the client side challenge is not injected in the transaction. (The URL qualification will still work in this case, as it is expected that the same URL may appear with or without these headers). The default value is an empty string. cs_excluded_urls - Contains one or more explicit URLs, separated by a comma [,]. These URLs will never be qualified for a client-side challenge. The default value is an empty string.