Last Modified: Oct 07, 2025
Affected Product(s):
BIG-IP APM
Fixed In:
17.5.1.2
Opened: Jun 10, 2025 Severity: 2-Critical
Endpoint inspection may not start when virtual server is accessed from Chrome browser of MacOS. When refreshed it may work properly. Also client-type agent in access policy incorrectly detects MacOS as win11.
Server incorrectly detects client platform macOS as win11
-- User accesses virtual server via a Chrome browser on MacOS. -- Access policy has "client os" agent in VPE.
When HTTP_REQUEST { if {[HTTP::uri] equals "/my.policy"} { if {[HTTP::header exists "Sec-CH-UA-Platform-Version"] && [HTTP::header exists "Sec-CH-UA-Platform"]} { set platform [string tolower [HTTP::header value "Sec-CH-UA-Platform"]] set platform [string tolower [string trim [string map {\" ""} $platform]]] if { $platform ne "windows" } { HTTP::header remove "Sec-CH-UA-Platform-Version" log local0. "Removing header $platform" } } } } when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable }
Server should detect platform correctly if client is using macOS.