Bug ID 657640: Issue deploying new ASM policy to BIG-IP with disallowed WebSocket URLs configured in policy

Last Modified: Nov 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IQ Web App Security (ASM)(all modules)

Known Affected Versions:
5.2.0

Opened: Apr 10, 2017
Severity: 3-Major

Symptoms

After deploying a new policy to a 13.0 BIG-IP device and doing another evaluation, differences involving the addition of a Plain Text Profile named "Default" might appear. Deploying the second evaluation will fail with an error that the Plain Text Profile cannot be deleted.

Impact

Difference shown after deployment and failure of second deployment.

Conditions

The issue happens when deploying to a 13.0 BIG-IP device and the policy has Disallowed WebSocket URLs. The issue happens if the BIG-IP device does not have a fix to bug 658062.

Workaround

In order to fully deploy the configuration if the unexpected difference appears, it is needed to remove all disallowed WebSocket URLs on the BIG-IP directly before doing another evaluation.

Fix Information

None

Behavior Change