Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
11.6.0 HF6
Opened: May 28, 2015 Severity: 3-Major
A redirect loop may happen for some users, when the Proactive Bot Defense feature is enabled, and the deployment consists of multiple domains.
Some users may occasionally be blocked from accessing certain URLs of a website due a redirect loop that could happen. In most cases, a page-refresh attempted by the user will load the page properly.
Proactive Bot Defense is enabled on a DOS profile that is assigned to a Virtual Server, and the deployment consists of multiple domains.
Applying the following iRule will workaround the problem: when HTTP_REQUEST { if { [HTTP::cookie exists "TSPD_101_R0"] } { if { [HTTP::cookie exists "TSPD_101"] } { HTTP::cookie remove "TSPD_101" } } }
Occasional redirect loops caused by the Proactive Bot Defense mechanism no longer occur when multiple domains are deployed.