Bug ID 446774: Wildcard parameter is changed to "Ignore Value" when learning mode is "Add All Entities"

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.1

Fixed In:
11.6.0

Opened: Jan 30, 2014

Severity: 3-Major

Symptoms

The system skips significant parameter characteristics checks. The system will not perform checks on the parameter value.

Impact

Skipping significant parameter characteristics checks means temporarily downgrading the security. The system will not perform checks on the parameter value. (When this happens, signatures won't trigger violations against the wildcard parameter.)

Conditions

When learning mode for Parameters is changed to "Add All Entities", the Parameter Value Type for the wildcard parameter is changed to "Ignore Value".

Workaround

Manually change the Parameter Value Type for the wildcard to "User-input value".

Fix Information

When the "Explicit Entities Learning" setting for Parameters is changed to "Add All Entities", we changed the Parameter Value Type for the wildcard parameter from "Ignore value" to "User-input value". This was done in order for signatures to trigger violations against the wildcard parameter.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips