Forum Discussion

Aaron_Longnecke's avatar
Icon for Nimbostratus rankNimbostratus
Nov 22, 2011

Parameter interfering with web site pop-up

I have a web application running on a box behind a BIG-IP system running both LTM and ASM. before we turned on the ASM features, we could access the pop-ups that it would create from a link in the browser. When we turned on the ASM, it started adding a parameter to the URL, which causes the pop-ups to resolve incorrectly. The URL ends up trying to open up /source?CSRT=********?session=true. Is there any way to get rid of the bold portion so that this can resolve correctly?


2 Replies

  • Ido_Breger_3805's avatar
    Historic F5 Account
    Hi Aaron,


    What you see is the paramater that ASM adds in order to protect against CSRF.


    You can either disable that protection for the popup URL, or, upgrade to V11 where this issue is fixed (ASM will clean that paramater before it forward the request to the web server)