Bug ID 500729: CSRF should work with path parameters

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Jan 13, 2015

Severity: 3-Major

Symptoms

False positive CSRF violation on requests that have path parameters.

Impact

Requests with path parameters are blocked.

Conditions

Policy configured to treat path parameters and CSRF feature enabled.

Workaround

None

Fix Information

The system no longer incorrectly blocks requests with path parameters when the CSRF Protection feature is enabled.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips