Bug ID 804185: Some WebSafe request signatures may not work as expected

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,, 14.0.0,,,,,, 14.0.1, 14.1.0,,,,,, 14.1.2, 15.0.0, 15.0.1

Fixed In:

Opened: Jul 11, 2019

Severity: 3-Major


Request signatures are part of the WebSafe signature mechanism. The request signature is achieved by configuring an FPS-protected URL and a corresponding custom-alert. If the URL is a wildcard, a priority must be assigned to determine the order of matching. URL matching by priority is not working properly. As a result, the signature do not work as expected


A portion of WebSafe request signature do not work as expected: -- An alert is sent, though it should not be (false-positive). -- An alert was not sent, though it should be (false-negative).


There is at least one wildcard URL configured by the request signature update file.


Configure the same signature manually in the BIG-IP system's GUI/tmsh.

Fix Information

FPS now correctly handles signature-based wildcard URL's priority.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips