Bug ID 453568: Client side challenge request reconstruction may fail to restore original referrer header

Last Modified: Oct 06, 2020


Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF4

Opened: Mar 23, 2014
Severity: 2-Critical


Client side challenge reconstruction failed to restore the original referrer header.


During client side challenge injections, the wrong referrer header reaches the web application.


During client side web scraping mitigation, the Enforcer injects the client side challenge into the end user's browser.



Fix Information

The client side challenge mechanism now correctly reconstructs the referrer header.

Behavior Change