Operational Defect Database
BugZero found this defect 1094 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1017645
False positive HTTP compliance violation
Last update date:
5/17/2024
Affected products:
BIG-IP
BIG-IP ASM
Affected releases:
16.0.1.1
16.0.1
16.0.0
15.1.3
15.1.2
14.1.4.2
Fixed releases:
16.1.0
16.0.1.2
15.1.4
14.1.4.3
13.1.4.1
Description:
False-positive traffic blocking. ... Conditions ... Authorization header with bearer token and/or some other authorization headers types. ... Workaround ... Turn on an internal parameter by entering the following command from the BIG-IP CLI: /usr/share/ts/bin/add_del_internal add ignore_authorization_header_decode_failure 1 Then restart ASM for this to take effect: bigstart restart asm ... Fix Information ... The RFC compliance violation is no longer issued for unknown types of authorization headers. ... Behavior Change
