Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1
Opened: May 30, 2017 Severity: 3-Major Related Article:
K92494571
A WebSocket URL is not detected as such in the switch-protocol request.
Over the SSL connection the request URL is not detected as '/wss' but as the wildcard URL. Over the non-SSL connection the request will be detected as '/wss' the WebSocket URL.
-- ASM policy with 'Differentiate between HTTP/WS and HTTPS/WSS URLs' disabled. -- Explicit WebSocket URLs, '/wss' configured. -- The ASM policy is attached to both a non-SSL virtual server and an SSL virtual server. -- Requests arrives, one from the SSL connection and one from the non-SSL connection.
Enable 'Differentiate between HTTP/WS and HTTPS/WSS URLs'.
A WebSocket URL is now detected as such in the switch-protocol request.