Bug ID 718772: The generated signature creates incorrect predicate http.unknown_header (instead of http.unknown_header_exists)

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 14.0.0.5, 13.1.0.8

Opened: May 07, 2018

Severity: 3-Major

Symptoms

The generated signature creates incorrect predicate http.unknown_header (instead of http.unknown_header_exists).

Impact

In the GUI, when the signature with the predicate 'unknown_header' is edited, this predicate is empty (instead of exists / does not exist).

Conditions

Attack with traffic with 'unknown' header, for example 'Upgrade-Insecure-Requests: 1'.

Workaround

There is no workaround.

Fix Information

1. Change 'http.unknown_header' predicate into 'http.unknown_header_exists'. 2. Keep supporting the old format 'http.unknown_header'.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips