Bug ID 719186: Multipart/form-data requests may generate false positive 'missing strong integrity parameter' alerts

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,, 14.0.0,,,,,, 14.0.1

Fixed In:

Opened: May 09, 2018
Severity: 3-Major


Multipart/form-data requests are not supported in FPS. FPS-protected pages which have the enhanced data-manipulation feature enabled, may generate a false-positive 'missing strong integrity parameter' alert for multipart/form-data requests.


False-positive 'missing strong integrity parameter' alert.


-- FPS profile attached to a virtual server. -- Multipart/form-data requests to a URL. -- Enhanced data-manipulation feature enabled on a protected URL.


Use the ANTIFRAUD::disable_alert iRule command to drop the alert: (set the static::drop_alert variable, probably matching URL name and checking that Content-Type header starts with 'multipart/form-data') when ANTIFRAUD_ALERT { if {$static::drop_alert eq 1 && [ANTIFRAUD::alert_type] eq "vtoken" && [ANTIFRAUD::alert_component] eq "no_strong_integrity_param" } { ANTIFRAUD::disable_alert set static::drop_alert 0 } }

Fix Information

FPS no longer sends automatic-transaction alerts for unsupported requests, so multipart/form-data requests no longer generate false positive 'missing strong integrity parameter' alerts.

Behavior Change