Bug ID 474256: False positive CSRF violations

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Aug 03, 2014

Severity: 4-Minor


A CSRF script does not iterate over frame links, causing a false positive CSRF violation.


A false positive CSRF violation.


CSRF is turned on a system that has frame links.


You can workaround this issue by using the URL list in the CSRF protection configuration.

Fix Information

The system now adds the CSRF token to frame links, fixing a false positive CSRF violation issue.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips