Bug ID 753923: Detected Web Scraping negative enforcement prevent normal behavior detection even when they are disabled

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Opened: Dec 21, 2018
Severity: 4-Minor

Symptoms

The negative enforcement option within the Bot Detection (Web Scraping) feature might prevent normal behavior from being detected as such, even after disabling the negative enforcement using the internal parameter: ws_cshui_susp_event_bot_score. Disabling negative enforcement is done using an internal Pp/usr/share/ts/bin/add_del_internal add ws_cshui_susp_event_bot_score 0 bigstart restart asm

Impact

Some web clients may get blocked due to this anomaly.

Conditions

-- Bot Detection (Web Scraping) is enabled on the ASM Security Policy. -- The client uses rarely encountered hardware that causes negative enforcement to be detected. -- Negative enforcement is disabled via ASM internal parameters.

Workaround

None.

Fix Information

None

Behavior Change