Bug ID 824037: Bot Defense whitelists do not apply for IP 'Any' when using route domains

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
14.1.0, 14.1.2, 15.0.0, 15.0.1

Fixed In:

Opened: Sep 08, 2019
Severity: 3-Major


In bot defense profiles, whitelists defined with the IP set to 'Any' are not applied when route domains are in use.


The request will be mitigated.


-- Bot Defense profile is enabled.
-- Whitelist is configured for IP 'Any' (for URL or GEO).
-- Sending a request that matches the whitelist using route domains.


For URL whitelist only: add a microservice to the bot defense profile and configure it as follows:
1. Add the required URL.
2. Specify service type 'Custom Microservice Protection'.
3. Set the 'Mitigation and Verification' setting as required (relevant for logging only).
4. In 'Automated Threat Detection', set 'Mitigation Action' to 'None'.
5. Set the microservice 'Enforcement Mode' to 'Transparent'.

This causes the associated URL to never be blocked (but no 'whitelist' will be seen in reporting).

Fix Information

Enabling IP 'Any' on route domains now works as expected.

Behavior Change