Bug ID 611385: "Learn Explicit Entities" may continue to work as if it is 'Add All Entities'

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1

Fixed In:
12.1.2

Opened: Aug 17, 2016

Severity: 4-Minor

Symptoms

Under some scenarios, setting "Learn Explicit Entities" to 'Never' has no effect; it continues to work as if it is 'Add All Entities'

Impact

There is suggestion to add /index.html URL when there should be no such suggestion since the wildcard is in 'Never' mode now.

Conditions

Steps to Reproduce: 1) Create a default policy, set "Learn New HTTP URLs" to "Add All Entities". 2) Create a non-pure wildcard URL "/in*". 3) Send the following request: GET /index.html HTTP/1.1\r\n Host: <Host URL>\r\n \r\n 4) There will be no suggestion to add /index.html URL since learning mode on "/in*" wildcard is "Never" by default. 5) Set "Learn Explicit Entities" to "Add All Entities" on "/in*" wildcard. 6) Send the same traffic again; there will be suggestion to add /index.html URL (which is still correct). 7) Delete all suggestions. 8) Set "Learn Explicit Entities" to "Never" on "/in*" wildcard. 9) Send the same traffic again.

Workaround

Go to "Learning and Blocking Settings", set "Learn New HTTP URLs" to "Never" press "Save", then set it back to "Add All Entities". press "Save" again.

Fix Information

"Learn Explicit Entities" to 'Never' now works as expected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips