Bug ID 673311

Bug Tracker
ID 673311

Bug ID 673311: When 'Web Scraping Configuration' has 'Bot Detection' set to 'Alarm', the type=7 JavaScript challenge is sent.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Jul 10, 2017

Severity: 3-Major

Symptoms

The JavaScript challenge type=7 is sent when it should not be. The challenge should be sent only when 'Bot Detection' is set to 'Alarm and Block' or when 'Fingerprint Usage' or 'Persistent Client Identification' is enabled in 'Web Scraping Configuration'.

Impact

After 10 requests to a qualified URL, the JavaScript challenge type=7 is sent back.

Conditions

-- ASM Policy. -- 'Bot Detection' set to 'Alarm' in 'Web Scraping Configuration'.

Workaround

None.

Fix Information

Now, when using 'Web Scraping Configuration', JavaScript challenge type=7 is sent only when 'Bot Detection' is set to 'Alarm and Block' or when 'Fingerprint Usage' or 'Persistent Client Identification' is enabled in 'Web Scraping Configuration'.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips