Bug ID 635551: ASM/DoSL7 Challenges should support CORS requests

Last Modified: Oct 07, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Fixed In:
14.0.0

Opened: Dec 22, 2016

Severity: 3-Major

Related Article: K43184134

Symptoms

Bot protection is intermittently causing page not to load completely.

Impact

Bot protection is intermittently causing page not to load completely.

Conditions

Enable ASM features that include challengers scripts such as : Web Scraping, Brute Force, Procative BOT Defense, DOSL7 Client Side mitigation, and then browse to a resource that makes a cross-origin HTTP request.

Workaround

Perform one of the following options: 1. Add this URL to whitelist url. 2. Insert "Access-Control-Allow-Origin" header via an iRule.

Fix Information

Bot protection no longer intermittently causes incomplete page load.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips