Bug ID 719186: Multipart/form-data requests may generate false positive 'missing strong integrity parameter' alerts

Last Modified: May 07, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 13.1.0.8

Opened: May 09, 2018
Severity: 3-Major

Symptoms

Multipart/form-data requests are not supported in FPS. FPS-protected pages which have the enhanced data-manipulation feature enabled, may generate a false-positive 'missing strong integrity parameter' alert for multipart/form-data requests.

Impact

False-positive 'missing strong integrity parameter' alert.

Conditions

-- FPS profile attached to a virtual server. -- Multipart/form-data requests to a URL. -- Enhanced data-manipulation feature enabled on a protected URL.

Workaround

Use the ANTIFRAUD::disable_alert iRule command to drop the alert: (set the static::drop_alert variable, probably matching URL name and checking that Content-Type header starts with 'multipart/form-data') when ANTIFRAUD_ALERT { if {$static::drop_alert eq 1 && [ANTIFRAUD::alert_type] eq "vtoken" && [ANTIFRAUD::alert_component] eq "no_strong_integrity_param" } { ANTIFRAUD::disable_alert set static::drop_alert 0 } }

Fix Information

FPS no longer sends automatic-transaction alerts for unsupported requests, so multipart/form-data requests no longer generate false positive 'missing strong integrity parameter' alerts.

Behavior Change