Bug ID 501892: Selenium is not detected by headless mechanism when using client version without server

Last Modified: Nov 20, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2

Opened: Jan 20, 2015
Severity: 3-Major

Symptoms

DoSL7 Proactive Bot Defense (Block requests from suspicious browsers) detects selenium when the selenium server is running and a listener has opened on one of specific ports.

Impact

If a bot is running selenium client package only it is not being blocked by DoSL7 Proactive Bot Defense mechanism.

Conditions

This occurs when ASM is provisioned with proactive bot defense enabled, when accessing the page for a first time.

Workaround

N/A

Fix Information

Selenium detection mechanism has improved and if a bot uses FF or Chrome selenium driver it is detected by PBD's javascript code via checking existence of required chrome plugins and FF webdriver.

Behavior Change