Bug ID 470779: The Enforcer should exclude session awareness violations when counting illegal requests.

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.4

Opened: Jul 08, 2014
Severity: 3-Major

Symptoms

Requests are blocked as false positives.

Impact

After a session is released from the blocked/logged status, that status can be renewed if illegal traffic runs at the same time, even when the only violation is 'Disallowed access...'.

Conditions

Session Awareness is enabled.

Workaround

N/A

Fix Information

The Enforcer now excludes session awareness violations when counting illegal requests for session awareness actions. Previously, these violations were counted and therefore prematurely caused the session status to be "Blocked".
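The counting change can be seen in a simplified model, added here as an illustration and not taken from BIG-IP ASM code. The threshold, window, block period, violation labels and the rule that a request on a blocked session raises the session awareness violation are all assumptions of the model.

```python
from dataclasses import dataclass, field

# All names and numbers are assumptions for this model, not BIG-IP ASM values.
SESSION_AWARENESS = "session_awareness"  # stands in for the 'Disallowed access...' violation
THRESHOLD = 3       # counted illegal requests within WINDOW that trigger blocking
WINDOW = 60         # seconds
BLOCK_PERIOD = 120  # seconds a session stays blocked after the threshold is hit


@dataclass
class SessionTracker:
    exclude_session_awareness: bool  # False: pre-fix counting, True: fixed counting
    illegal_times: list = field(default_factory=list)
    blocked_until: float = -1.0

    def handle(self, now, violations):
        """Process one request and return True if the session is blocked afterwards."""
        recorded = list(violations)
        if now < self.blocked_until:
            # Assumed: a request on a blocked session raises the session awareness violation.
            recorded.append(SESSION_AWARENESS)
        counted = [v for v in recorded
                   if not (self.exclude_session_awareness and v == SESSION_AWARENESS)]
        if counted:
            self.illegal_times = [t for t in self.illegal_times if now - t < WINDOW] + [now]
            if len(self.illegal_times) >= THRESHOLD:
                self.blocked_until = now + BLOCK_PERIOD
        return now < self.blocked_until


def replay(exclude_session_awareness, events):
    """Replay (time, violations) pairs and return the blocked state after each one."""
    tracker = SessionTracker(exclude_session_awareness)
    return [tracker.handle(now, violations) for now, violations in events]


# Constructed traffic: three genuinely illegal requests, then clean requests every 20 s.
EVENTS = [(t, ["illegal_parameter"]) for t in (0, 1, 2)] + [(t, []) for t in range(20, 401, 20)]

if __name__ == "__main__":
    for label, exclude in (("pre-fix", False), ("fixed", True)):
        states = replay(exclude, EVENTS)
        print(label, "blocked at t=400:", states[-1])
```

With the pre-fix counting, the clean requests alone keep the model's session blocked indefinitely; with the fixed counting, the block ends once the block period has passed.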

Behavior Change