Bug ID 635754: Wildcard URL pattern match works inncorectly in Traffic Learning

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1

Opened: Dec 26, 2016

Severity: 3-Major

Related Article: K65531575


In the policy with URL learning mode set to ALWAYS, wildcard URL matching for *.[Pp][Nn][Gg]", "*.[Jj][Pp][Gg]", "*.[Gg][Ii][Ff]" will prevent you from adding other wildcard destinations using policy builder.


You will not be able to accept the learning suggestion to the correct wildcard URL.


Policy builder enabled. PolicyBuilder creates the wildcard urls "*.[Pp][Nn][Gg]", "*.[Jj][Pp][Gg]", "*.[Gg][Ii][Ff]". If you need to manually create another wildcard url "/polo/images/*", the pattern match will be incorrect and you will not be able to accept the learning suggestion.


In order to get suggestions on the correct wildcard match, remove "png" from the URL list in the policy: To do so, navigate to Security :: Application Security :: Policy Building :: Learning and Blocking Settings :: URLs :: File types for which wildcard HTTP URLs will be configured (e.g., *.jpg). Also make sure that you have correct wildcard order. Go to Security :: Application Security :: URLs :: Wildcards Order :: HTTP URLs. "/polo/images/*" should be above "*.[Pp][Nn][Gg]" in the list. If it is not, move it using "Up" button".

Fix Information

Wildcard URL pattern match now works as expected in Traffic Learning

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips