Bug ID 974425: Legitimate clients using new browsers might get mitigated by Bot Defense Profile

Last Modified: Jul 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Opened: Dec 16, 2020
Severity: 4-Minor

Symptoms

As part of Bot Defense Profile browser verification, client capabilities are tested, and if they do not match what is expected, they are mitigated. Some new browser versions exist that do not apply the current expected capabilities.

Impact

Legitimate clients are mitigated.

Conditions

-- Bot Defense Profile is attached to a virtual server. -- Browser Verification is set to 'verify before access' or 'verify after access'. -- Client is using a new browser version.

Workaround

None.

Fix Information

None

Behavior Change