Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

caisys's avatar
caisys
Icon for Nimbostratus rankNimbostratus
Dec 05, 2020

Unusual requests initiated by /TSPD directory on f5 firewall

I developed a website for a client who deployed it behind an F5 firewall. I noticed that when accessing the site for the fist time the home page is not served. Instead an blank html page with some ja...
big-ip
Secure Web Gateway
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Dec 07, 2020

This is normal JavaScript injection used by F5 Adv. WAF to assess a client for the purpose of fingerprinting to determine if it's malicious or legitimate. Fingerprinting comes in two forms: active and passive. Passive fingerprinting doesn't Query the client--it only checks for a list of attributes. Active fingerprinting challenges the client. It can force a client to prove it supports the JavaScript API, execute mathematical challenges, and a range of other tests that verify the client is what it claims to be. Even sophisticated bots cannot fake replies. What you are seeing is the client-side challenge where the browser fingerprinting is occurring. The white page you see is transient and should not cause any performance degradation. The firewall cannot be compromised.