Bug ID 890169: URLs starting with double slashes might not be loaded when using a Bot Defense Profile.

Last Modified: Sep 24, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8

Opened: Mar 16, 2020
Severity: 3-Major

Symptoms

When a URL starts with double slashes (i.e. "http://HOST//path"), and Bot Defense Profile decides to perform simple redirect, the request results with loading failure.

Impact

Request is not loaded (failure message is seen on browser), and the browser may be identified as a suspicious browser by Bot Defense.

Conditions

-- Bot Defense profile on blocking mode (or "Verification and Device-ID Challenges in Transparent Mode" is enabled) is attached to a virtual server. -- A request is sent to a URL starting with double slash, to a non-qualified URL, during the profile's grace period.

Workaround

None.

Fix Information

None

Behavior Change