I need your help !
our customer using ASM
we don't using CSRF, ASM cookie, bot protection
which ASM function send this page to client ?
Do I understand that correct?
In that case I would enable JS in the browser. Does the message change, if you access the page with or without ASM enabled?
I would try to verify in first place, whether this message is sent by the BIG-IP at all. I would be highly surprised.
My approach to analyse this issue would be to access the application:
a) direct, bypassing the BIG-IP
b) via BIG-IP without ANY ASM features assigned to the VS
c) via BIG-IP with ASM features enabled
Use Developer Tools in Browser for a, b and c. Compare. Look for error messages, 404, etc.
Use tcpdump on F5 for b and c. Use the p flag to capture client- and server-side. Compare.
Pay attention to "Recommended Actions
If this doesn't help... I am out of ideas 🙂