Bug ID 761941: ASM does not remove CSRT token query parameter before forwarding a request to the backend server

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 14.0.0,,,,, 14.1.0,,,

Opened: Mar 19, 2019
Severity: 3-Major


CSRT query parameter observed in tcpdump on the BIG-IP system's server side.


Backend app gets CSRT parameter, which might impact its business logic.


-- ASM provisioned. -- ASM policy attached to a virtual server. -- CSRF enabled in ASM policy.


You can remove a CSRT query parameter using a URI modification iRule on the server side.

Fix Information


Behavior Change