Bug ID 525522: Redirect loop when Proactive Bot Defense is enabled and deployment has multiple domains

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
11.6.0 HF6

Opened: May 28, 2015
Severity: 3-Major

Symptoms

A redirect loop may happen for some users, when the Proactive Bot Defense feature is enabled, and the deployment consists of multiple domains.

Impact

Some users may occasionally be blocked from accessing certain URLs of a website due a redirect loop that could happen. In most cases, a page-refresh attempted by the user will load the page properly.

Conditions

Proactive Bot Defense is enabled on a DOS profile that is assigned to a Virtual Server, and the deployment consists of multiple domains.

Workaround

Applying the following iRule will workaround the problem: when HTTP_REQUEST { if { [HTTP::cookie exists "TSPD_101_R0"] } { if { [HTTP::cookie exists "TSPD_101"] } { HTTP::cookie remove "TSPD_101" } } }

Fix Information

Occasional redirect loops caused by the Proactive Bot Defense mechanism no longer occur when multiple domains are deployed.

Behavior Change