Bug ID 450468: Non-rewritten URLs may be available to user while script is running

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Feb 27, 2014

Severity: 3-Major

Related Article: K44757617


While any JavaScript code is executed, all rewritten URLs on the HTML page are demangled into original form. This operation is done by a separate script. Browsers unlock user interface at switching from one script to another. This switching may be long enough to view non-rewritten URLs from the user interface especially if the script to be executed is not in the browser cache.


User may use non-rewritten URLs and bypass the BIG-IP system connecting to them.


HTML page with long external scripts which may be downloaded slowly.


This issue has no workaround at this time.

Fix Information

Now in all modern browsers (Chrome, Safari, FF20+ and IE10+) URLs are not converted explicitly between rewritten and non-rewritten forms during script execution. Implicit conversion function is used instead. This does not allow to use non-rewritten URLs from user interface.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips