Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
12.1.2
Opened: Aug 17, 2016
Severity: 4-Minor
Under some scenarios, setting "Learn Explicit Entities" to 'Never' has no effect; it continues to work as if it were set to 'Add All Entities'.
There is a suggestion to add the /index.html URL when there should be no such suggestion, since the wildcard is now in 'Never' mode.
Steps to Reproduce:
1) Create a default policy and set "Learn New HTTP URLs" to "Add All Entities".
2) Create a non-pure wildcard URL "/in*".
3) Send the following request:
   GET /index.html HTTP/1.1\r\n
   Host: <Host URL>\r\n
   \r\n
4) There will be no suggestion to add the /index.html URL, since the learning mode on the "/in*" wildcard is "Never" by default.
5) Set "Learn Explicit Entities" to "Add All Entities" on the "/in*" wildcard.
6) Send the same traffic again; there will be a suggestion to add the /index.html URL (which is still correct).
7) Delete all suggestions.
8) Set "Learn Explicit Entities" to "Never" on the "/in*" wildcard.
9) Send the same traffic again.
Go to "Learning and Blocking Settings", set "Learn New HTTP URLs" to "Never", and press "Save". Then set it back to "Add All Entities" and press "Save" again.
Setting "Learn Explicit Entities" to 'Never' now works as expected.