Bug ID 812773: Add option to insert security headers for fictive URL responses

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:

Opened: Aug 06, 2019

Severity: 3-Major


When ASM blocks any of the HTTP requests, then the HTTP security headers are missed in ASM internal response. (e.g. blocking page, captcha, and all other fictive url's of ASM, including BOT Defense, and L7DOS).


ASM internal responses are anomalous for penetration testing and vulnerability assessment tools.


- ASM provisioned and configured with a policy. - Traffic arrives which violates the ASM policy


Create iRules to insert needed security headers into ASM blocked/internal responses

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips