For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

daboochmeister's avatar
daboochmeister
Icon for Cirrus rankCirrus
Aug 31, 2018

Any experience with ASM policy affecting response stream (with no vulnerability/attack signature noted)?

Env: LTM 11.5.2, physical appliance (4200), no resource issues   We are experiencing cases where the presence of an ASM security policy is affecting the response to clients, even though the event...
application delivery
ASM Advanced WAF
response
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Sep 02, 2018

It depends on your ASM Policy. Several features in ASM depend on things like injecting JavaScript into responses which may potentially break the content from rendering in the browser (should not affect the tcpdump though).

 

Such features include Web Scraping, CSRF protection, device fingerprinting, Bot Defense / Client-Side Human User Indicator /CAPTCHA etc...

 

So instead of removing the ASM policy completely the recommendation is to switch off off the features and violations which may interfere with response first.

 

Also try your application with the most basic policy such as Rapid Deployment Template.

 

Also check Support Knowledge base, for example this article:

 

K11040: Certain HTTP profile Response Chunking settings interfere with BIG-IP ASM and BIG-IP WebAccelerator processing