Last Modified: Jun 26, 2026
Affected Product(s):
BIG-IP (all modules)
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 17.5.1.6
Opened: Mar 23, 2026 Severity: 3-Major
Token-based authentication attempts via the iControl REST API to the /mgmt/shared/authn/login endpoint may experience significant delays when the request includes the X-Forwarded-For header and the device is configured with proxy servers.
Authentication processes are delayed by 60 to 120 seconds due to unnecessary reverse DNS lookups on unparsed X-Forwarded-For (XFF) header values. If the DNS server drops the request or is unreachable, it can result in extended delays and authentication failures caused by timeouts.
This occurs when: * REST API call issued to /mgmt/shared/authn/login endpoint as part of Token Authentication * The X-Forwarded-For (XFF) header is included in the API login request.
* Exclude the X-Forwarded-For header from iControl REST API requests. * Ensure DNS servers configured on the system is responsive to avoid prolonged lookups or returns NXDOMAIN error, if no such name exists.
None