Bug ID 617391: Custom ASM Search Engines causing sync, offline, and upgrade issues

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM, Install/Upgrade(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6

Fixed In:
13.0.0, 12.1.3.7

Opened: Sep 18, 2016

Severity: 2-Critical

Related Article: K53345828

Symptoms

-- The Device sync status constantly shows 'Changes Pending' when a custom ASM Search Engine is added with a new Bot Name to an existing Search Engine name. For example, the Yandex search engine is a built-in search engine with Bot Name 'Yandex'. When adding a custom search engine with the same name: 'Yandex', but a different Bot Name, for example: 'yandexbot', the issue occurs. When the issue appears, the device sync status shows 'Changes Pending'. Running a config-sync brings the status to 'In Sync', but a few seconds later, the status again changes to 'Changes Pending'.
-- Adding a custom ASM Search Engine with Bot Name and Domain Name identical to an existing Search Engine reports an error message, but the Search Engine will be successfully added. The next time ASM is restarted, the device remains offline and ASM restarts indefinitely.
-- Adding a custom ASM Search Engine and then upgrading to a release that already includes it as a built-in Search Engine under a different name causes ASM to restart indefinitely and the system to remain offline. For example: adding a custom Search Engine with Domain Name '.msn.com' and Bot Name 'msnbot' in 12.1.3.5 and then upgrading to 12.1.3.6 triggers this issue.

Impact

-- Device sync status constantly shows 'Changes Pending'.
-- The custom ASM Search Engine might not be bypassed for JavaScript challenges that are sent as a result of either the Web Scraping Feature or Device-ID. This also applies to standalone deployments.
-- System might remain offline while ASM is constantly restarting.
-- Upgrade might fail.

Conditions

This issue occurs when any of the following sets of criteria are met:
-- Multiple devices are joined in a sync-failover device-group and ASM sync is enabled, and a custom ASM Search Engine is added with a new Bot Name, for which there is an existing Search Engine Name.
-- Adding a custom Search Engine with a Bot Name and Domain Name identical to an existing Search Engine.
-- Upgrading to 12.1.3.6, and ASM sync is enabled. Note: Only 12.1.3.6 exhibits this behavior.

Workaround

-- Add the custom ASM Search Engine under a new name. For example, if adding the 'yandexbot' search engine, then use the Search Engine name 'Yandex-yandexbot' instead of simply 'Yandex'.
-- Before upgrading, remove any custom Search Engines whose Bot Name and Domain Name are identical to an existing Search Engine after the upgrade.
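
A pre-upgrade audit of the conditions and workaround above, as an added example that is not F5's code: it flags custom Search Engines that reuse a built-in Search Engine name with a different Bot Name, or that duplicate a built-in Bot Name and Domain Name pair. The Engine record, the sample lists (including the '.yandex.example' domain and the built-in name placeholder) and the case-insensitive comparison are assumptions; fill the lists from the running configuration and from the built-in list of the release being upgraded to.

```python
from typing import NamedTuple


class Engine(NamedTuple):
    name: str      # Search Engine name
    bot_name: str  # Bot Name
    domain: str    # Domain Name


def norm(value: str) -> str:
    # Assumption: compare case-insensitively so near-duplicates are flagged too.
    return value.strip().casefold()


def audit(custom, builtin):
    """Return (custom, builtin, finding) tuples for entries matching the bug's conditions."""
    by_name, by_pair = {}, {}
    for b in builtin:
        by_name.setdefault(norm(b.name), []).append(b)
        by_pair[(norm(b.bot_name), norm(b.domain))] = b
    findings = []
    for c in custom:
        pair = (norm(c.bot_name), norm(c.domain))
        if pair in by_pair:
            # Identical Bot Name and Domain Name: ASM restart loop, upgrade failure.
            findings.append((c, by_pair[pair], "DUPLICATE_BOT_AND_DOMAIN"))
            continue
        for b in by_name.get(norm(c.name), []):
            if norm(b.bot_name) != norm(c.bot_name):
                # Existing name, new Bot Name: sync status flaps to 'Changes Pending'.
                findings.append((c, b, "NAME_REUSED_WITH_NEW_BOT"))
    return findings


# Constructed sample data; domain and built-in name are placeholders, not real values.
BUILTIN_TARGET = [
    Engine("Yandex", "Yandex", ".yandex.example"),
    Engine("BUILTIN-NAME-PLACEHOLDER", "msnbot", ".msn.com"),
]
CUSTOM = [
    Engine("Yandex", "yandexbot", ".yandex.example"),           # name reuse
    Engine("My MSN", "msnbot", ".msn.com"),                     # duplicate pair
    Engine("Yandex-yandexbot", "yandexbot", ".yandex.example"), # workaround naming
]

if __name__ == "__main__":
    for c, b, finding in audit(CUSTOM, BUILTIN_TARGET):
        print(f"{finding}: custom '{c.name}' ({c.bot_name}, {c.domain}) vs built-in '{b.name}'")
```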

Fix Information

Adding custom ASM Search Engines no longer triggers sync, offline or upgrade issues.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips