Bug ID 451705: Illegal metachar override can be added to policy which prevents Apply Policy

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM, Install/Upgrade(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
11.6.0

Opened: Mar 10, 2014
Severity: 3-Major

Symptoms

Illegal metacharacter override can be added to the security policy. This subsequently prevents the security policy from being applied. This can be see in /var/log/asm.1_transformed: ---------------------------------------------------------------------- Feb 25 11:35:25 bigip2 info perl[10112]: 01310053:6: ASMConfig change: Parameter P3 [update]: Overridden Value Meta-characters were set to 0x3f - allowed. Feb 25 11:35:31 bigip2 info perl[10112]: 01310053:6: ASMConfig change: Parameter P9 [update]: Overridden Value Meta-characters were set to 0x3a - allowed, 0x7fffffff - allowed. ----------------------------------------------------------------------

Impact

This subsequently prevents the policy from being applied. It could not apply configuration; set active failed.

Conditions

When upgrading from 11.3 to 11.5, and when importing your exported policy, it produces an error and failed to roll forward.

Workaround

N/A

Fix Information

In the security policy, the system no longer accepts meta-character values outside the legal range.

Behavior Change