Bug ID 750689: Request Log: Accept Request button available when not needed

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 14.0.0,,,,,, 14.0.1, 14.1.0,,,,

Fixed In:
15.0.0,,, 13.1.3

Opened: Nov 21, 2018

Severity: 3-Major


There are several violations that make requests unlearnable, but the Accept Request Button is still enabled.


Accept Request button is available, but pressing it does not change the policy.


This occurs in the following scenarios: 1. Request log has requests with following violations that make requests unlearnable: - Threat Campaign detected. - Null character found in WebSocket text message. - Access from disallowed User/Session/IP/Device ID. - Failed to convert character. 2. Subviolations of HTTP protocol compliance fails violation: - Unparsable request content. - Null in request. - Bad HTTP version. 3. Only the following violations are detected: - Access from malicious IP address. - IP address is blacklisted. - CSRF attack detected. - Brute Force: Maximum login attempts are exceeded.



Fix Information

The Accept Request button is now disabled when there is nothing to be learned from request.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips