Bug ID 1068621: HTTP Response Headers Allowed are not compatible with access policies.

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3

Opened: Dec 17, 2021
Severity: 4-Minor

Symptoms

APM is not compatible with the HTTP Profile "Response Headers Allowed."

Impact

Many headers in 'HTTP response' will be stripped off from APD response and which leads to HTTP response validation failure.

Conditions

A HTTP profile with "Response Headers Allowed" is attached to APM virtual server and access.

Workaround

Include specific internal APM headers (e.g. APD_OAuthRedirect, APD_Result, APD_AgentName, APD_SID) in the "Response Headers Allowed" along with other related headers.

Fix Information

None

Behavior Change