Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
13.0.0, 12.1.2
Opened: Oct 13, 2016 Severity: 3-Major
Internet Explorer browsers will get into an endless loop of requests, never reaching the back-end server, when accessing a Virtual Server which is enabled with both the Web Scraping feature, and the Proactive Bot Defense, if the mode of Proactive Bot Defense is set to During Attacks.
Internet Explorer browser users are getting blocked from accessing the back-end server.
1. ASM Security Policy is attached to the Virtual Server, and has Web Scraping's Bot Detection set to Alarm & Block. 2. Within Web Scraping, both Fingerprint and Persistent Client Identification are disabled. 3. DoS profile is attached to the Virtual Server, and has Proactive Bot Defense set to During Attacks. 4. Users are using the Internet Explorer browser.
Two options for workaround: 1. Set Proactive Bot Defense to Always instead of During Attacks. 2. Enable either Fingerprint or Persistent Client Identification in the Web Scraping configuration.
Internet Explorer users are no longer blocked when accessing a Virtual Server which has both Web Scraping enabled, and Proactive Bot Defense set to During Attacks.