Bug ID 858229: XML with sensitive data gets to the ICAP server

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,, 14.1.0,,,,,, 14.1.2,,,,, 15.0.0, 15.0.1,,,, 15.1.0,

Fixed In:

Opened: Dec 06, 2019

Severity: 3-Major

Related Article: K22493037


XML with sensitive data gets to the ICAP server, even when the XML profile is not configured to be inspected.


Sensitive data will reach the ICAP server.


XML profile is configured with sensitive elements on a policy. ICAP server is configured to inspect file uploads on that policy.


No immediate workaround except policy related changes

Fix Information

An internal parameter, send_xml_sensitive_entities_to_icap was added. It's default is 1 as this is the expected behavior. To disable this functionality, change the internal parameter value to 0.

Behavior Change

An internal parameter has been added, called send_xml_sensitive_entities_to_icap, and the default value is 1. When this is changed to 0 (using this command): /usr/share/ts/bin/add_del_internal add send_xml_sensitive_entities_to_icap 0 XML requests with sensitive data will not be sent to ICAP.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips