Bug ID 581315: Selenium detection not blocked

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1

Fixed In:
13.0.0, 12.1.2

Opened: Mar 17, 2016

Severity: 3-Major

Symptoms

When selenium client webdriver is detected running the Chrome browser it is not being blocked due to low score being assigned by PBD (Suspicious Browsers) mechanism.

Impact

A bot which running selenium Chrome webdriver isn't mitigated by DoSL7 PBD mechanism.

Conditions

This occurs when ASM is provisioned with proactive bot defense enabled.

Workaround

N/A

Fix Information

Only for Desktop Google Chrome browsers, the PBD javascript code checks if a plugin called "Widevine Content Decryption Module" doesn't exists, the browser considered as running via the selenium tool and will be blocked by PBD.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips