TSPD and Javascript Challenge

Question

Hi DevCentral community!&nbsp;I have a problem with the ASM and Javascript challenge, let me explain you what is happening, what is configured and what I searched :)&nbsp;1) - I have configured an ASM Policy, on V12.1.2, where DoS protection is disabled, CSRF Protection is disabled and Web Scraping is disabled (this is not decided by me, it's a money thing between boss-client).2) - Since the ASM was enabled in blocking mode, after 21 days of learning period, a pop-up appears when users try to edit Documents from SharePoint:				The URL is https://XXX/TSPD/.....3) - I read the Proactive Bot defense Guide and the Web Scraping Bot Detetion article also, I 've searched on DevCentral for similar problems&nbsp;Even I read this I'm not sure 100% sure why is happening this issue. Seems, per this question that even if everything is off, challenge can be set. I'm not sure how to solve it, this is what I understood that I have to do:&nbsp;Whiteliste on a LTM policy the resource path (disable the ASM)Whitelist on a LTM policy /TSPD/ and /TSbd/ path (disable the ASM)Check that javascript is enabled on the BrowserDisable the caching of dynamic pages by injecting 'Cache-Control: no-cache'&nbsp;Thanks for your time and your help!&nbsp;Regards

rodrihe · Answer

Many many thanks &nbsp;Going to take a look and I'll come back 🙂&nbsp;Love Devcentral community (L)&nbsp;Regards!

nathan_f__f5_ · Answer

Hi Rodrihe,&nbsp;My guess would be that you might still have a feature enabled that is inserting the cookie. Please take a look at the following article. Specifically the section titled "The ASM Feature cookies". That section lists a few other features that could be inserting the cookie. I would recommend checking to see if any of those are enabled.&nbsp;K6850: Overview of ASM cookieshttps://support.f5.com/csp/article/K6850&nbsp;If it ends up looking like they are all disabled but you are still seeing the cookie then it may be worth opening a case with Support to have them take a closer look at the policy itself.&nbsp;-Nathan F

Forum Discussion

TSPD and Javascript Challenge

2 Replies

Recent Discussions

Unable to add R Series as Provider in BIGIP NEXT CM

SIGSEGV on 15.1.10.x

Deny access to F5 management from specific addresses

Ansible - Running bash commands with bigip_command module - How it's done

Adding an ASM policy to an APM VIP used for Citrix access

Related Content

F5 ASM | Bot Defense | TSPD JavaScript errors

End of Year 2022 security challenges and new year wishes

JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)

Journey to the Multi-Cloud Challenges

Google reCAPTCHA Challenge iRule