Bug ID 673311: When 'Web Scraping Configuration' has 'Bot Detection' set to 'Alarm', the type=7 JavaScript challenge is sent.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Jul 10, 2017
Severity: 3-Major

Symptoms

The JavaScript challenge type=7 is sent when it should not be. The challenge should be sent only when 'Bot Detection' is set to 'Alarm and Block' or when 'Fingerprint Usage' or 'Persistent Client Identification' is enabled in 'Web Scraping Configuration'.

Impact

After 10 requests to a qualified URL, the JavaScript challenge type=7 is sent back.

Conditions

-- ASM Policy. -- 'Bot Detection' set to 'Alarm' in 'Web Scraping Configuration'.

Workaround

None.

Fix Information

Now, when using 'Web Scraping Configuration', JavaScript challenge type=7 is sent only when 'Bot Detection' is set to 'Alarm and Block' or when 'Fingerprint Usage' or 'Persistent Client Identification' is enabled in 'Web Scraping Configuration'.

Behavior Change