Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Fixed In:
16.0.0
Opened: Aug 06, 2019
Severity: 3-Major
When ASM blocks an HTTP request, the HTTP security headers are missing from the ASM internal response (e.g. the blocking page, CAPTCHA, and all other fictive URLs of ASM, including Bot Defense and L7 DoS).
ASM internal responses are anomalous for penetration testing and vulnerability assessment tools.
- ASM provisioned and configured with a policy.
- Traffic arrives which violates the ASM policy.
Create iRules to insert the needed security headers into ASM blocked/internal responses.
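One way to write such an iRule, as an added example that is not F5's own code. The header names and values are assumptions (the report does not list which headers are expected), and the rule assumes the `HTTP_RESPONSE_RELEASE` event also fires for responses that ASM generates itself on your version.

```tcl
# Added example, not F5's own iRule. Header names and values below are
# assumptions; replace them with the set your security baseline requires.
when RULE_INIT {
    # Name/value pairs to guarantee on every response leaving the virtual server
    set static::sec_headers {
        "X-Frame-Options"           "SAMEORIGIN"
        "X-Content-Type-Options"    "nosniff"
        "Strict-Transport-Security" "max-age=31536000"
    }
}

when HTTP_RESPONSE_RELEASE {
    # Assumption: this event also fires for ASM-generated responses
    # (blocking page, CAPTCHA and similar), which never reach HTTP_RESPONSE
    # because no pool member produced them.
    foreach {name value} $static::sec_headers {
        # Leave a header alone if the origin server or another iRule set it
        if { ![HTTP::header exists $name] } {
            HTTP::header insert $name $value
        }
    }
}
```

Attach the rule to the virtual server that carries the ASM policy, then request a URL that triggers a block and confirm the headers appear on the blocking page. Drop the `Strict-Transport-Security` entry on virtual servers that serve plain HTTP.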
None