Forum Discussion

Rodrihe's avatar
Rodrihe
Icon for Altocumulus rankAltocumulus
Jul 10, 2019

TSPD and Javascript Challenge

Hi DevCentral community!

 

I have a problem with the ASM and Javascript challenge, let me explain you what is happening, what is configured and what I searched :)

 

1) - I have configured an ASM Policy, on V12.1.2, where DoS protection is disabled, CSRF Protection is disabled and Web Scraping is disabled (this is not decided by me, it's a money thing between boss-client).

2) - Since the ASM was enabled in blocking mode, after 21 days of learning period, a pop-up appears when users try to edit Documents from SharePoint:

The URL is https://XXX/TSPD/.....

3) - I read the Proactive Bot defense Guide and the Web Scraping Bot Detetion article also, I 've searched on DevCentral for similar problems

 

Even I read this I'm not sure 100% sure why is happening this issue. Seems, per this question that even if everything is off, challenge can be set. I'm not sure how to solve it, this is what I understood that I have to do:

 

  • Whiteliste on a LTM policy the resource path (disable the ASM)
  • Whitelist on a LTM policy /TSPD/ and /TSbd/ path (disable the ASM)
  • Check that javascript is enabled on the Browser
  • Disable the caching of dynamic pages by injecting 'Cache-Control: no-cache'

 

Thanks for your time and your help!

 

Regards

  • Hi Rodrihe,

     

    My guess would be that you might still have a feature enabled that is inserting the cookie. Please take a look at the following article. Specifically the section titled "The ASM Feature cookies". That section lists a few other features that could be inserting the cookie. I would recommend checking to see if any of those are enabled.

     

    K6850: Overview of ASM cookies

    https://support.f5.com/csp/article/K6850

     

    If it ends up looking like they are all disabled but you are still seeing the cookie then it may be worth opening a case with Support to have them take a closer look at the policy itself.

     

    -Nathan F

    • Rodrihe's avatar
      Rodrihe
      Icon for Altocumulus rankAltocumulus

      Many many thanks  

      Going to take a look and I'll come back 🙂

       

      Love Devcentral community (L)

       

      Regards!