Bug ID 1135261: TCP connections carrying multiple HTTP requests may not work as intended when HTTP chunking and specific iRule commands are in use

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3

Opened: Aug 09, 2022
Severity: 3-Major

Symptoms

- The BIG-IP system only successfully responds to the first HTTP request per TCP connection. - Any following HTTP request is not responded, the TCP connection is reset, and the BIG-IP system logs an error similar to the following example to the /var/log/ltm file: Jul 11 18:03:10 bigip.local err tmm[4044]: 01220001:3: TCL error: /Common/my-rule <HTTP_REQUEST_DATA> - Expired (line 1) invoked from within "HTTP::payload"

Impact

Inability to pass more than one HTTP request per TCP connection. Applications may display poor performance as a result or not function at all.

Conditions

- The inbound HTTP requests carry a payload and use HTTP chunking as the transfer encoding. - The standard (tcp+http) virtual server on the BIG-IP system uses an iRule that employs the HTTP::collect + HTTP::payload + HTTP::respond commands.

Workaround

If you control the HTTP clients and can change their behavior, avoid using HTTP chunking there. Alternatively, rewrite the iRule so that HTTP::collect and HTTP::payload are not invoked. Note: This issue does not affect versions 15.0.0 and later. Upgrading the BIG-IP system to a recent software version is recommended.

Fix Information

None

Behavior Change