Bug ID 1040609: RFC enforcement is bypassed when an HTTP redirect iRule is applied to the virtual server.

Last Modified: Jul 13, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Aug 13, 2021

Severity: 3-Major

Related Article: K21800102

Symptoms

A specifically crafted HTTP request may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server.

Impact

A specifically crafted HTTP request might lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server.

Conditions

RFC enforcement is enabled through the HTTP profile or the tmm.http.rfc.enforcement db variable. An HTTP redirect iRule is applied to the virtual server. The BIG-IP system is running a version that contains the fix for the issue described in K50375550: A specifically crafted HTTP request might lead the BIG-IP system to pass malformed HTTP requests to a backend server.

Workaround

N/A

Fix Information

The issue is fixed by stripping the Content-Length header when both Content-Length and Transfer-Encoding are present in the header.

Behavior Change

The Content-Length header is removed when both Content-Length and Transfer-Encoding are present in the header.
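
The behavior change above, modeled as an added Python example (not F5 code and not an iRule) that can be used to check what a proxy or test harness should forward. The function names, the host name app.example and the sample request heads are constructed for illustration.

```python
# Added illustration: model of the documented behavior change, where
# Content-Length is dropped when Transfer-Encoding is also present.

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 request head into (request_line, [(name, value)])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return lines[0], headers

def has_header(headers, wanted: str) -> bool:
    # Header names are case-insensitive; stray whitespace is ignored so that
    # oddly formatted names are still matched.
    return any(name.strip().lower() == wanted for name, _ in headers)

def strip_conflicting_length(headers):
    """Return (headers, changed); every Content-Length header is removed
    only when Transfer-Encoding is present in the same request."""
    both = has_header(headers, "transfer-encoding") and has_header(headers, "content-length")
    if not both:
        return list(headers), False
    kept = [(n, v) for n, v in headers if n.strip().lower() != "content-length"]
    return kept, True

def normalize_request(raw: bytes):
    """Parse a request head and apply the behavior change to its headers."""
    request_line, headers = parse_head(raw)
    headers, changed = strip_conflicting_length(headers)
    return request_line, headers, changed

# Constructed sample request heads (no bodies).
SAMPLES = {
    "both": b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
            b"Content-Length: 11\r\nTransfer-Encoding: chunked\r\n\r\n",
    "cl_only": b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
               b"Content-Length: 11\r\n\r\n",
    "mixed_case": b"POST / HTTP/1.1\r\nHost: app.example\r\ncontent-length: 5\r\n"
                  b"TRANSFER-ENCODING: chunked\r\nContent-Length: 5\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        line, headers, changed = normalize_request(raw)
        print(label, "changed" if changed else "unchanged", [n for n, _ in headers])
```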
