Bug ID 898825: Attack signatures are enforced on excluded headers under some conditions

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,

Fixed In:

Opened: Apr 14, 2020
Severity: 3-Major


Attack signatures are marked as detected when they should be marked as excluded (i.e., a false positive).


False positive enforcement for header signature.


-- A 100-continue transaction occurs in HTTP. -- The internal parameter answer_100_continue is set to a non-default value of 0.


Set the answer_100_continue to 1 (default) on versions later than 15.0.0.

Fix Information


Behavior Change