Bug ID 2256985: Authentication delays occur with REST API requests when using X-Forwarded-For.

Last Modified: Jun 26, 2026

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 17.5.1.6

Opened: Mar 23, 2026

Severity: 3-Major

Symptoms

Token-based authentication attempts via the iControl REST API to the /mgmt/shared/authn/login endpoint may experience significant delays when the request includes the X-Forwarded-For header and the device is configured with proxy servers.

Impact

Authentication processes are delayed by 60 to 120 seconds due to unnecessary reverse DNS lookups on unparsed X-Forwarded-For (XFF) header values. If the DNS server drops the request or is unreachable, it can result in extended delays and authentication failures caused by timeouts.

Conditions

This occurs when: * REST API call issued to /mgmt/shared/authn/login endpoint as part of Token Authentication * The X-Forwarded-For (XFF) header is included in the API login request.

Workaround

* Exclude the X-Forwarded-For header from iControl REST API requests. * Ensure DNS servers configured on the system is responsive to avoid prolonged lookups or returns NXDOMAIN error, if no such name exists.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips