Bug ID 812773: Add option to insert security headers for fictive URL responses

Last Modified: Oct 06, 2020


Affected Product:
BIG-IP ASM (all modules)

Fixed In:
16.0.0

Opened: Aug 06, 2019
Severity: 3-Major

Symptoms

When ASM blocks an HTTP request, the HTTP security headers are missing from the ASM internal response (e.g. the blocking page, CAPTCHA, and all other fictive URLs of ASM, including Bot Defense and L7 DoS).

Impact

ASM internal responses appear anomalous to penetration testing and vulnerability assessment tools.

Conditions

- ASM provisioned and configured with a policy.
- Traffic arrives which violates the ASM policy.

Workaround

Create iRules to insert the needed security headers into ASM blocked/internal responses.
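
A sketch of such an iRule, as an added example that is not F5-supplied code. It assumes the HTTP_RESPONSE_RELEASE event fires for the ASM-generated responses on your version (verify this against a blocked request), and the header names and values are sample choices to be replaced with your own policy.

```tcl
when RULE_INIT {
    # Sample header name/value pairs (constructed for this example).
    # Include Strict-Transport-Security only on HTTPS virtual servers.
    set static::sec_headers {
        X-Frame-Options           SAMEORIGIN
        X-Content-Type-Options    nosniff
        Strict-Transport-Security max-age=31536000
    }
}

when HTTP_RESPONSE_RELEASE {
    # Runs just before a response is released to the client.
    # Assumption: this includes ASM internal responses such as the
    # blocking page, not only responses from the pool member.
    foreach {name value} $static::sec_headers {
        # Insert only when absent, so headers already set by the
        # application are not duplicated or overridden.
        if { ![HTTP::header exists $name] } {
            HTTP::header insert $name $value
        }
    }
}
```

After attaching the iRule to the virtual server, send a request that violates the policy and confirm the headers appear on the blocking response.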

Fix Information

None

Behavior Change