Bug ID 618656: JavaScript challenge repeating in loop on Firefox when URL is longer than 1033 characters

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
13.0.0, 12.1.3

Opened: Sep 24, 2016

Severity: 3-Major


The JavaScript challenge is repeating in a loop on Firefox on URLs which are longer than 1033 characters. The request never reaches the back-end server. This happens in the following challenges: * Proactive Bot Defense with Suspicious Browsers enabled * Client-Side Integrity Defense In the rest of the challenges, the challenges will succeed, but POST requests will not be reconstructed correctly and sent as a multipart message to the back-end server.


Requests to URLs longer than 1033 will be blocked on Firefox, and the browser will repeat the challenge in a loop.


URLs are longer than 1033 characters, AND: Users are using the Firefox browser, AND: Either: * Proactive Bot Defense with Suspicious Browsers enabled, OR * Client-Side Integrity Defense is enabled and is used as a DoSL7 mitigation during an attack.



Fix Information

The JavaScript challenge no longer gets stuck in a loop on Firefox, on URLs which are longer than 1033 characters.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips