Bug ID 636370: Application Layer Encryption AJAX support

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
12.1.2 HF1

Opened: Jan 02, 2017
Severity: 3-Major

Symptoms

WebSafe doesn't support parameters encryption in Single Page Applications (using AJAX)

Impact

Encryption won't work for Single Page Applications

Conditions

Application uses AJAX for sending parameters to web server

Workaround

N/A

Fix Information

Adding AJAX encryption support (full payload encryption) for 12.1.2-hf, enabling this feature requires: tmsh modify sys db antifraud.internalconfig.string1 value <AJAX-HEADER-NAME> AJAX-HEADER-NAME existence will enable AJAX support for current request and its value may contain the username used in current request (if configured and exists) Note that activating AJAX support in releases > 12.1.2-hf is done differently (configured in profile, not in db)

Behavior Change