Bug ID 742852: Bot Defense protection blocks Safari browser requests while using cross site redirect protection by 'Location' header

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:

Opened: Sep 05, 2018

Severity: 3-Major


Bot defense blocks a request containing a TSPD101 cookie in query string. TSPD101 is sent when using the Safari browser, and cross-site redirect protection is applied on a request.


Cross-site requests are blocked during the grace period configured on the bot defense profile.


- ASM provisioned. - Bot Defense profile attached to a virtual server. - Cross-site redirection is applied on a request. - Using the Safari browser.


Disable browser verification in the bot defense profile.

Fix Information

Cross-site redirect protection now works as expected when cookie is sent via query string.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips