Bug ID 527825: Session tracking blocks inactive users which isn't shown in GUI.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8

Fixed In:
12.1.0, 12.0.0 HF3, 12.0.0, 11.6.1, 11.5.4

Opened: Jun 13, 2015
Severity: 3-Major

Symptoms

When session tracking actions are enabled in ASM policy, an HTTP request may be blocked based on HTTP session or username and illegal traffic that has been sent from this session. The blocked request is reported in the security events log, but there is no option to release the username using the Configuration utility.

Impact

Usernames and HTTP sessions are blocked by ASM without an option to release them from the Configuration utility.

Conditions

HA Setup + ASM with Session tracking actions enabled.

Workaround

"bigstart stop tmm" on all devices in the ha group, and then "bigstart start tmm" on all the devices back.

Fix Information

Using the Configuration utility, BIG-IP system administrators can now release blocked usernames and sessions. This is done in the Session Tracking Status screen.

Behavior Change