Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1
Opened: Jan 12, 2017 Severity: 4-Minor
When the Single Page Application flag enabled within DoS Application profile, and there is an AJAX request being sent using an HTTP method that is not a GET or POST (e.g., PATCH, PUT, DELETE), the Proactive Bot Defense does not display CAPTCHA pop-up.
CAPTCHA or challenge does not work.
-- ASM provisioned. -- DoS Application profile assigned to a virtual server. -- Proactive Bot Defense enabled. -- Single Page Application flag enabled within DoS Application profile. -- HTTP method is not GET or POST.
Disable Proactive Bot Defense, Single Page Application.
Single Page Application (SpearHead) AJAX hook has been updated to support non-GET/POST HTTP methods.