Bug ID 618693: Web Scraping session_opening_anomaly reports the wrong route domain for the source IP

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Fixed In:

Opened: Sep 25, 2016

Severity: 4-Minor


When generating a web scraping attack of session opening anomaly type, there is an attack start/end event shown in the /var/log/asm and GUI: Security :: Event Logs : Application : Web Scraping Statistics. The event has a "source ip" field which should come along with the route domain. In the case of "session opening anomaly" the route domain is always zero. (For example: Even there is a non-zero route domain configured.


Incorrect route domain field is shown in the GUI and /var/log/asm.


Route domain is configured and a web scraping attack event triggers.


None. This is a cosmetic error. The system uses the correct route domain

Fix Information

The fix is to set the correct route domain for the "session opening anomaly" events shown in the GUI and /var/log/asm

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips