Bug ID 501892: Selenium is not detected by headless mechanism when using client version without server

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1

Fixed In:
13.0.0, 12.1.2

Opened: Jan 20, 2015

Severity: 3-Major

Symptoms

DoSL7 Proactive Bot Defense (Block requests from suspicious browsers) detects selenium when the selenium server is running and a listener has opened on one of specific ports.

Impact

If a bot is running selenium client package only it is not being blocked by DoSL7 Proactive Bot Defense mechanism.

Conditions

This occurs when ASM is provisioned with proactive bot defense enabled, when accessing the page for a first time.

Workaround

N/A

Fix Information

Selenium detection mechanism has improved and if a bot uses FF or Chrome selenium driver it is detected by PBD's javascript code via checking existence of required chrome plugins and FF webdriver.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips