Bug ID 879777: Retreive browser cookie from related domain instead of performing another Bot Defense browser verification challenge

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:
16.0.0, 15.1.1,

Opened: Feb 11, 2020

Severity: 4-Minor


After configuring the "validate upon request" option in "Cross Domain Requests" in a Bot Defense profile, JS challenges continue to be sent.


Browser receives another JS challenge, instead of retrieving the cookie from the related domain. This causes extra latency for the client.


-- Bot Defense profile is enabled -- "Cross Domain Request":"validate upon request" option is enabled -- A browser navigates to a qualified (HTML) page from a related domain.


Use "validate in a bulk" option.

Fix Information

Retrieving the cookie from the related domain even if the page is qualified.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips