Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0
Opened: Jul 14, 2018
Severity: 3-Major
Some users may get falsely blocked under the Web Scraping violation. Similarly, some users may fail to pass the CAPTCHA challenge when triggered by Brute Force Mitigation, DoSL7 Mitigation, or Proactive Bot Defense.
Some legitimate users may get blocked.
Either: - Web Scraping is enabled with Bot Detection set to alarm or to block (13.1.x/14.0.x). - CAPTCHA mitigation is in use due to another suspicious activity, triggered by Brute Force Mitigation, DoSL7 Mitigation, or Proactive Bot Defense (14.0.x).
Running these commands may prevent these browsers from getting blocked: -- /usr/share/ts/bin/add_del_internal add ws_cshui_susp_event_bot_score 0 -- bigstart restart asm This disables one of the tests that cause the false positive.
Fixed false detection of some users as bots causing them to be blocked by Web Scraping or CAPTCHA.
