Bug ID 1117305

Bug Tracker
ID 1117305

Bug ID 1117305: The /api, a non-existent URI returns different error response with or without correct Basic Authorization credentials

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2

Fixed In:
17.5.0, 17.1.1, 16.1.4, 15.1.9

Opened: Jun 20, 2022

Severity: 3-Major

Symptoms

The /api returns 401 when incorrect Basic Authorization credentials are supplied. The /api returns 404 when correct Basic Authorization credentials are supplied.

Impact

There is no functional impact, but all other non-existent URIs return a 302 redirect response to the TMUI login page irrespective of correct or incorrect Basic Authorization credentials, /api should also be invariably exhibiting the same behavior.

Conditions

Irrespective of the DB variable "httpd.basic_auth" value set to enable or disable.

Workaround

None

Fix Information

The /api like any other non-existent URI now returns a 302 redirect response to the TMUI login page irrespective of correct or incorrect Basic Authorization credentials.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips