Parameter interfering with web site pop-up

Question

I have a web application running on a box behind a BIG-IP system running both LTM and ASM. before we turned on the ASM features, we could access the pop-ups that it would create from a link in the browser. When we turned on the ASM, it started adding a parameter to the URL, which causes the pop-ups to resolve incorrectly. The URL ends up trying to open up /source?CSRT=********?session=true. Is there any way to get rid of the bold portion so that this can resolve correctly?

ido_breger_3805 · Answer

Hi Aaron, 
&nbsp; What you see is the paramater that ASM adds in order to protect against CSRF. 
&nbsp; You can either disable that protection for the popup URL, or, upgrade to V11 where this issue is fixed (ASM will clean that paramater before it forward the request to the web server) 
&nbsp; Cheers, 
&nbsp; Ido

aaron_longnecke · Answer

Thank you very much, I'll look into it when I get back.

Forum Discussion

Parameter interfering with web site pop-up

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

HTTP auth - Calling external API with parameters

Parameter Value - Regular Expression

AWAF Path Parameters with OPENAPI json file

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS