Last Modified: Feb 14, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
16.1.0, 16.0.1, 16.0.0, 15.0.1.4, 13.1.3.4
Fixed In:
16.1.0, 16.0.1.2, 15.1.2.1, 14.1.4, 13.1.4
Opened: Jul 14, 2020 Severity: 3-Major
Earlier versions contained fixes that enforce several RFC compliance items for HTTP request and response processing by BIG-IP systems. Enforcement for some of these items is unavoidable, but might cause issues for certain applications.
Some applications that require certain constructions after a header name may not function.
The configuration has a virtual server with an HTTP profile.
None
A configuration item has been introduced to manage RFC-compliance options. In releases 13.1.4, 14.1.4, 15.1.2.1 and 16.0.1.2 and in subsequent releases in those families, a global flag is used to control the enforcement: sys db tmm.http.rfc.allowwsheadername The possible values are "enabled" and "disabled"; the default is "enabled". In release 16.1.0 and subsequent releases, there are two per-profile options; these have been added to the Configuration Utility's configuration page for HTTP profiles, in the 'Enforcement' section: -- Enforce RFC Compliance -- Allow Space Header Name The following sample output shows how the RFC-compliance and whitespace-enforcement settings might appear in tmsh, if enabled: (tmos)# list ltm profile http http-wsheader ltm profile http http-wsheader { app-service none defaults-from http enforcement { allow-ws-header-name enabled rfc-compliance enabled } proxy-type reverse }