Bug ID 898825: Attack signatures are enforced on excluded headers under some conditions

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
14.1.2.7

Opened: Apr 14, 2020

Severity: 3-Major

Symptoms

Attack signatures are marked as detected when they should be marked as excluded (i.e., a false positive).

Impact

False positive enforcement for header signature.

Conditions

-- A 100-continue transaction occurs in HTTP. -- The internal parameter answer_100_continue is set to a non-default value of 0.

Workaround

Set the answer_100_continue to 1 (default) on versions later than 15.0.0.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips