Forum Discussion
Rodrihe
Altocumulus
AltocumulusTSPD and Javascript Challenge
Hi DevCentral community!
I have a problem with the ASM and Javascript challenge, let me explain you what is happening, what is configured and what I searched :)
1) - I have configured an ASM Policy, on V12.1.2, where DoS protection is disabled, CSRF Protection is disabled and Web Scraping is disabled (this is not decided by me, it's a money thing between boss-client).
2) - Since the ASM was enabled in blocking mode, after 21 days of learning period, a pop-up appears when users try to edit Documents from SharePoint:
The URL is https://XXX/TSPD/.....
3) - I read the Proactive Bot defense Guide and the Web Scraping Bot Detetion article also, I 've searched on DevCentral for similar problems
Even I read this I'm not sure 100% sure why is happening this issue. Seems, per this question that even if everything is off, challenge can be set. I'm not sure how to solve it, this is what I understood that I have to do:
- Whiteliste on a LTM policy the resource path (disable the ASM)
- Whitelist on a LTM policy /TSPD/ and /TSbd/ path (disable the ASM)
- Check that javascript is enabled on the Browser
- Disable the caching of dynamic pages by injecting 'Cache-Control: no-cache'
Thanks for your time and your help!
Regards
Nathan_F__F5_Employee
Hi Rodrihe,
My guess would be that you might still have a feature enabled that is inserting the cookie. Please take a look at the following article. Specifically the section titled "The ASM Feature cookies". That section lists a few other features that could be inserting the cookie. I would recommend checking to see if any of those are enabled.
K6850: Overview of ASM cookies
https://support.f5.com/csp/article/K6850
If it ends up looking like they are all disabled but you are still seeing the cookie then it may be worth opening a case with Support to have them take a closer look at the policy itself.
-Nathan F
RodriheMany many thanks
Going to take a look and I'll come back 🙂
Love Devcentral community (L)
Regards!