Bug ID 898825: Attack signatures are enforced on excluded headers under some conditions

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:

Opened: Apr 14, 2020

Severity: 3-Major


Attack signatures are marked as detected when they should be marked as excluded (i.e., a false positive).


False positive enforcement for header signature.


-- A 100-continue transaction occurs in HTTP. -- The internal parameter answer_100_continue is set to a non-default value of 0.


Set the answer_100_continue to 1 (default) on versions later than 15.0.0.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips