Last Modified: Sep 13, 2023
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 12.1.4, 184.108.40.206, 12.1.5, 220.127.116.11, 18.104.22.168, 22.214.171.124, 12.1.6
Opened: Jan 04, 2016 Severity: 3-Major
Previously the URL Filter Assign agent was always expected to be after Categorization and Response Analytics. In the case where Categorization returned only "recommend to scan" and Response Analytics returned nothing, "recommend to scan" would be treated as "uncategorized" before enforcing actions. BIG-IP now has Request Analytics. When this is used, there will be a URL Filter Assign agent after Request Analytics, and then another instance of this after Response Analytics. In such a situation, treating "recommend to scan" as "uncategorized" is incorrect in the instance of URL filter assign after Request Analytics.
A "recommend to scan" categorization after Request Analytics is treated as "uncategorized". This is undesirable because the first URL Filter Assign instance deals with it as uncategorized instead of evaluating further by sending it to Response Analytics. If the first URL Filter allowed it through, Response Analytics would no longer see the "recommend to scan" classification and would not scan.
Per request policy looks like: Category Lookup -> Request Analytics -> URL Filter -> Response Analytics -> URL Filter
Instead of switching "recommend to scan" to "uncategorized" in URL Filter, the system now leaves it as "recommend to scan" and takes the action of "uncategorized". Response Analytics was changed to strip the "recommend to scan" category if other categories exist, and to otherwise change it to "uncategorize". Because the system expects that Response Analytics is the last category evaluation agent in the policy, this is reasonable and safe to do.