Bug ID 848445: Global/URL/Flow Parameters with flag is_sensitive true are not masked in Referer

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP Install/Upgrade(all modules)

Fixed In:
16.0.0, 15.1.0.5, 14.1.2.8, 13.1.3.5, 12.1.5.3, 11.6.5.3

Opened: Nov 11, 2019

Severity: 3-Major

Related Article: K86285055

Symptoms

Global/URL/Flow Parameters with flag is_sensitive true are not masked in referrer and their value may be exposed in logs.

Impact

The parameter will not be masked in 'Referer' value header in logs, although it is masked in 'QS' string.

Conditions

Global/URL/Flow Parameters with flag is_sensitive true are defined in the policy. In logs, the value of such parameter will be masked in QS, but will be exposed in the referrer.

Workaround

Can defined the parameters as global sensitive parameters.

Fix Information

After the fix, such parameters will be treated like global sensitive parameters and will be covered also in the Referer

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips