Bug ID 890169: URLs starting with double slashes might not be loaded when using a Bot Defense Profile.

Last Modified: Dec 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 17.0.0,,, 17.1.0,,,

Fixed In:
17.1.1, 16.1.4, 15.1.10

Opened: Mar 16, 2020

Severity: 3-Major


When a URL starts with double slashes (i.e. "http://HOST//path"), and Bot Defense Profile decides to perform simple redirect, the request results with loading failure.


Request is not loaded (failure message is seen on browser), and the browser may be identified as a suspicious browser by Bot Defense.


-- Bot Defense profile on blocking mode (or "Verification and Device-ID Challenges in Transparent Mode" is enabled) is attached to a virtual server. -- A request is sent to a URL starting with double slash, to a non-qualified URL, during the profile's grace period.



Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips