Forum Discussion

Rodrihe's avatar
Icon for Altocumulus rankAltocumulus
Jul 10, 2019

TSPD and Javascript Challenge

Hi DevCentral community!


I have a problem with the ASM and Javascript challenge, let me explain you what is happening, what is configured and what I searched :)


1) - I have configured an ASM Policy, on V12.1.2, where DoS protection is disabled, CSRF Protection is disabled and Web Scraping is disabled (this is not decided by me, it's a money thing between boss-client).

2) - Since the ASM was enabled in blocking mode, after 21 days of learning period, a pop-up appears when users try to edit Documents from SharePoint:

The URL is https://XXX/TSPD/.....

3) - I read the Proactive Bot defense Guide and the Web Scraping Bot Detetion article also, I 've searched on DevCentral for similar problems


Even I read this I'm not sure 100% sure why is happening this issue. Seems, per this question that even if everything is off, challenge can be set. I'm not sure how to solve it, this is what I understood that I have to do:


  • Whiteliste on a LTM policy the resource path (disable the ASM)
  • Whitelist on a LTM policy /TSPD/ and /TSbd/ path (disable the ASM)
  • Check that javascript is enabled on the Browser
  • Disable the caching of dynamic pages by injecting 'Cache-Control: no-cache'


Thanks for your time and your help!



2 Replies

  • Hi Rodrihe,


    My guess would be that you might still have a feature enabled that is inserting the cookie. Please take a look at the following article. Specifically the section titled "The ASM Feature cookies". That section lists a few other features that could be inserting the cookie. I would recommend checking to see if any of those are enabled.


    K6850: Overview of ASM cookies


    If it ends up looking like they are all disabled but you are still seeing the cookie then it may be worth opening a case with Support to have them take a closer look at the policy itself.


    -Nathan F

    • Rodrihe's avatar
      Icon for Altocumulus rankAltocumulus

      Many many thanks  

      Going to take a look and I'll come back 🙂


      Love Devcentral community (L)