Parameter interfering with web site pop-up

Question

I have a web application running on a box behind a BIG-IP system running both LTM and ASM. before we turned on the ASM features, we could access the pop-ups that it would create from a link in the browser. When we turned on the ASM, it started adding a parameter to the URL, which causes the pop-ups to resolve incorrectly. The URL ends up trying to open up /source?CSRT=********?session=true. Is there any way to get rid of the bold portion so that this can resolve correctly?

ido_breger_3805 · Answer

Hi Aaron, 
&nbsp; What you see is the paramater that ASM adds in order to protect against CSRF. 
&nbsp; You can either disable that protection for the popup URL, or, upgrade to V11 where this issue is fixed (ASM will clean that paramater before it forward the request to the web server) 
&nbsp; Cheers, 
&nbsp; Ido

aaron_longnecke · Answer

Thank you very much, I'll look into it when I get back.

Forum Discussion

Parameter interfering with web site pop-up

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Brute Force protection for single parameter like OTP

APM Webtop SSL-VPN pop up customization

Wildcard Parameter signature attack

Parameter Value - Regular Expression

AWAF Path Parameters with OPENAPI json file

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS