Bug ID 622386: Internet Explorer getting blocked when Web Scraping and Proactive Bot Defense are both enabled

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1

Fixed In:
13.0.0, 12.1.2

Opened: Oct 13, 2016

Severity: 3-Major

Symptoms

Internet Explorer browsers will get into an endless loop of requests, never reaching the back-end server, when accessing a Virtual Server which is enabled with both the Web Scraping feature, and the Proactive Bot Defense, if the mode of Proactive Bot Defense is set to During Attacks.

Impact

Internet Explorer browser users are getting blocked from accessing the back-end server.

Conditions

1. ASM Security Policy is attached to the Virtual Server, and has Web Scraping's Bot Detection set to Alarm & Block. 2. Within Web Scraping, both Fingerprint and Persistent Client Identification are disabled. 3. DoS profile is attached to the Virtual Server, and has Proactive Bot Defense set to During Attacks. 4. Users are using the Internet Explorer browser.

Workaround

Two options for workaround: 1. Set Proactive Bot Defense to Always instead of During Attacks. 2. Enable either Fingerprint or Persistent Client Identification in the Web Scraping configuration.

Fix Information

Internet Explorer users are no longer blocked when accessing a Virtual Server which has both Web Scraping enabled, and Proactive Bot Defense set to During Attacks.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips