Bug ID 879777: Retreive browser cookie from related domain instead of performing another Bot Defense browser verification challenge

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,, 15.1.0,,,,,

Fixed In:
16.0.0, 15.1.1,

Opened: Feb 11, 2020
Severity: 4-Minor


After configuring the "validate upon request" option in "Cross Domain Requests" in a Bot Defense profile, JS challenges continue to be sent.


Browser receives another JS challenge, instead of retrieving the cookie from the related domain. This causes extra latency for the client.


-- Bot Defense profile is enabled -- "Cross Domain Request":"validate upon request" option is enabled -- A browser navigates to a qualified (HTML) page from a related domain.


Use "validate in a bulk" option.

Fix Information

Retrieving the cookie from the related domain even if the page is qualified.

Behavior Change