Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

gcv_194101's avatar
gcv_194101
Icon for Nimbostratus rankNimbostratus
Apr 29, 2015

Customized login page incorrectly replacing F5 variables

I have a customized footer that includes a few JavaScript variables to be used by some custom JS on the front-end, but when the footer.inc is inserted into the page, the code is pretty mangled. I've...
BIG-IP Access Policy Manager (APM)
customization
login
security
gcv_194101's avatar
gcv_194101
Icon for Nimbostratus rankNimbostratus
May 04, 2015

Thanks for the reply, Seth! Unfortunately, I have applied this code to my footer.inc in the APM customization multiple times with no luck. However, I started poking around and I believe I may have a workaround for this issue. What I've done is create the variables in PHP and then let the PHP parser insert the values instead of the F5 parser. For some reason, F5 is able to play nicely with that setup. Here's how I ended up:

 

 

It's pretty hokey, but it seems to work! I'll continue testing and update this post as the fix if everything looks good.

 

Walter_Kacynski's avatar
Walter_Kacynski
Icon for Cirrostratus rankCirrostratus
May 04, 2015
I've been challenged by this for a long time. As support described it to me these pages are delivered in two phases. First the PHP process runs and this output is piped to APM where it performs a find and replace on the %{} syntax.