Bug ID 785873: ASM should treat 'Authorization: Negotiate TlR' as NTLM

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,, 15.0.0, 15.0.1,,,,

Fixed In:
15.1.0,, 13.1.5

Opened: May 23, 2019
Severity: 3-Major


When an authentication request with Authorization: Negotiate arrives to ASM. ASM does not count it as a login attempt. As a result brute force protection isn't applied.


Brute force attack checking can be skipped if the backend server authorization type is NTLM but the client sends 'Authorization: Negotiate TlR'.


-- ASM provisioned. -- ASM policy attached to a virtual sever. -- Login URL configured in ASM policy. -- Brute force protection enabled in ASM policy.


Use iRule which changes 'Authorization: Negotiate TlR' to NTLM on the client side (before ASM) and sets is back to the original value on the server side (after ASM)

Fix Information

After the fix ASM treats 'Authorization: Negotiate TlR' as NTLM, while the 'TlR' is a sign of NTLM usage.

Behavior Change