Symptoms

HTTP tunneling with CONNECT method might cause BD to hang during the ingress process under the right conditions, this results in occupation of the XDATA which eventually may lead to TMM core due to low memory.

Impact

The connection stays open between the enforcer and the client after a response violation is received. Traffic disrupted while tmm restarts.

Conditions

A virtual server that does not support the HTTP CONNECT method is attached to an ASM policy with an "Illegal method" violation set to not blocking and "Illegal HTTP status in response" set to blocking.

Workaround

Set "Illegal method" to blocking in the ASM policy.

Fix Information

None

Behavior Change