Bug ID 636370: Application Layer Encryption AJAX support

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Fixed In:
12.1.2 HF1

Opened: Jan 02, 2017

Severity: 3-Major

Symptoms

WebSafe doesn't support parameters encryption in Single Page Applications (using AJAX)

Impact

Encryption won't work for Single Page Applications

Conditions

Application uses AJAX for sending parameters to web server

Workaround

N/A

Fix Information

Adding AJAX encryption support (full payload encryption) for 12.1.2-hf, enabling this feature requires: tmsh modify sys db antifraud.internalconfig.string1 value <AJAX-HEADER-NAME> AJAX-HEADER-NAME existence will enable AJAX support for current request and its value may contain the username used in current request (if configured and exists) Note that activating AJAX support in releases > 12.1.2-hf is done differently (configured in profile, not in db)

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips