Bug ID 748851: Bot Detection injection include tags which may cause faulty display of application

Last Modified: Mar 21, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3

Fixed In:
13.1.1.4

Opened: Nov 05, 2018
Severity: 3-Major

Symptoms

The Bot Detection feature / Bot Defense profile includes JavaScript which is injected within <APM_DO_NOT_TOUCH> tags. Some web applications may be displayed incorrectly due to these tags.

Impact

Some web applications may be displayed incorrectly.

Conditions

- Your application includes JavaScript which dynamically adds HTML elements and expects a certain set of tags in the <head> section of the HTML. - Bot Detection / Bot Defense are enabled.

Workaround

None

Fix Information

There is now an ASM Internal Parameter 'inject_apm_do_not_touch' and a db variable 'asm.inject_apm_do_not_touch', which can be disabled (modify sys db asm.inject_apm_do_not_touch value false) to prevent the <APM_DO_NOT_TOUCH> tag from being injected, thus allowing the application to be displayed correctly.

Behavior Change

This release provides an ASM Internal Parameter 'inject_apm_do_not_touch', and a db variable 'asm.inject_apm_do_not_touch', which can be disabled (the default is enabled) to prevent the <APM_DO_NOT_TOUCH> tag from being injected, thus allowing the application to be displayed correctly. To disable db variable, run the following command: modify sys db asm.inject_apm_do_not_touch value false