Bug ID 1094165: Access policy is passed without being evaluated if a request is sent while deleting a session

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6

Opened: Apr 05, 2022

Severity: 3-Major

Symptoms

Some APM connections are allowed even though the previous session has timed out.

Impact

Client request is allowed without going through the access policy.

Conditions

A request arrives at the same time a session teardown occurs due to a timeout

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips