Bug ID 1015117: Headers are corrupted during modification/insertion if a mix of end-of-line markers <CRLF> and <LF> are used

Last Modified: Sep 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
16.1.0, 16.0.1.1, 16.0.1, 16.0.0.1, 16.0.0, 15.1.4, 15.1.3, 15.1.2.1, 15.0.1.4, 14.1.4.4, 14.1.4.3, 14.1.4.2, 14.1.4.1, 14.1.4, 13.1.4, 13.1.3.6, 13.1.3.5, 13.1.3.4

Opened: Apr 28, 2021
Severity: 4-Minor

Symptoms

HTTP header corruption occurs after insertion/modification using an iRule in HTTP Headers which contain mixed end-of-line markers <CRLF> and <LF>.

Impact

Inserted headers get concatenated in such a way that the HTTP request header gets corrupted.

Conditions

- HTTP virtual server - An iRule, policy or profile inserts an HTTP Request header - Such as x-forwarded-for - An HTTP request contains some lines that end with <CRLF> and some that end with <LF>

Workaround

Use HTTP headers with proper end-of-line markers in compliance with HTTP RFC

Fix Information

None

Behavior Change