Bug ID 618656: JavaScript challenge repeating in loop on Firefox when URL is longer than 1033 characters

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
13.0.0, 12.1.3

Opened: Sep 24, 2016
Severity: 3-Major

Symptoms

The JavaScript challenge is repeating in a loop on Firefox on URLs which are longer than 1033 characters. The request never reaches the back-end server. This happens in the following challenges: * Proactive Bot Defense with Suspicious Browsers enabled * Client-Side Integrity Defense In the rest of the challenges, the challenges will succeed, but POST requests will not be reconstructed correctly and sent as a multipart message to the back-end server.

Impact

Requests to URLs longer than 1033 will be blocked on Firefox, and the browser will repeat the challenge in a loop.

Conditions

URLs are longer than 1033 characters, AND: Users are using the Firefox browser, AND: Either: * Proactive Bot Defense with Suspicious Browsers enabled, OR * Client-Side Integrity Defense is enabled and is used as a DoSL7 mitigation during an attack.

Workaround

None

Fix Information

The JavaScript challenge no longer gets stuck in a loop on Firefox, on URLs which are longer than 1033 characters.

Behavior Change