Bug ID 926929: RFC Compliance Enforcement lacks configuration availability

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
16.1.0, 16.0.1, 16.0.0, 15.0.1.4, 13.1.3.4

Fixed In:
16.1.0, 16.0.1.2, 15.1.2.1, 14.1.4, 13.1.4

Opened: Jul 14, 2020

Severity: 3-Major

Symptoms

Earlier versions contained fixes that enforce several RFC compliance items for HTTP request and response processing by BIG-IP systems. Enforcement for some of these items is unavoidable, but might cause issues for certain applications.

Impact

Some applications that require certain constructions after a header name may not function.

Conditions

The configuration has a virtual server with an HTTP profile.

Workaround

None

Fix Information

A configuration item has been introduced to manage RFC-compliance options. In releases 13.1.4, 14.1.4, 15.1.2.1 and 16.0.1.2 and in subsequent releases in those families, a global flag is used to control the enforcement: sys db tmm.http.rfc.allowwsheadername The possible values are "enabled" and "disabled"; the default is "enabled". In release 16.1.0 and subsequent releases, there are two per-profile options; these have been added to the Configuration Utility's configuration page for HTTP profiles, in the 'Enforcement' section: -- Enforce RFC Compliance -- Allow Space Header Name The following sample output shows how the RFC-compliance and whitespace-enforcement settings might appear in tmsh, if enabled: (tmos)# list ltm profile http http-wsheader ltm profile http http-wsheader { app-service none defaults-from http enforcement { allow-ws-header-name enabled rfc-compliance enabled } proxy-type reverse }

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips