Bug ID 812773: Add option to insert security headers for fictive URL responses

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
16.0.0

Opened: Aug 06, 2019

Severity: 3-Major

Symptoms

When ASM blocks an HTTP request, the HTTP security headers are missing from the ASM internal response (e.g., the blocking page, CAPTCHA, and all other ASM fictive URLs, including Bot Defense and L7 DoS).

Impact

ASM internal responses appear anomalous to penetration testing and vulnerability assessment tools.

Conditions

- ASM provisioned and configured with a policy.
- Traffic arrives which violates the ASM policy.

Workaround

Create iRules to insert the needed security headers into ASM blocked/internal responses.
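A sketch of such an iRule, added here as an example and not taken from F5's bug entry. It assumes that HTTP_RESPONSE_RELEASE is raised for the ASM-generated response on your version; the header names and values are illustrative choices.

```tcl
when RULE_INIT {
    # Header names and values are assumptions for illustration; align them
    # with what the origin application already sends.
    set static::sec_headers {
        X-Frame-Options         "SAMEORIGIN"
        X-Content-Type-Options  "nosniff"
        Referrer-Policy         "strict-origin-when-cross-origin"
    }
    set static::hsts_value "max-age=31536000"
}

when HTTP_RESPONSE_RELEASE {
    # Assumption: this event fires as the response leaves BIG-IP toward the
    # client, for ASM-generated responses as well as origin responses.
    foreach {name value} $static::sec_headers {
        # Skip headers the origin server already set, to avoid duplicates.
        if { ![HTTP::header exists $name] } {
            HTTP::header insert $name $value
        }
    }
    # HSTS is only meaningful on a virtual server that terminates TLS.
    if { [PROFILE::exists clientssl] == 1 && ![HTTP::header exists "Strict-Transport-Security"] } {
        HTTP::header insert "Strict-Transport-Security" $static::hsts_value
    }
}
```

After attaching the iRule to the virtual server, trigger a policy violation and confirm the headers on each response type listed under Symptoms (blocking page, CAPTCHA, Bot Defense, L7 DoS), since coverage of every fictive URL is not guaranteed by this sketch.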

Fix Information

None

Behavior Change
