Bug ID 436072: Use 'HTTP::disable' to disable HTTP module in SSL forward proxy bypass.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
11.6.0

Opened: Oct 31, 2013
Severity: 3-Major
Related AskF5 Article:
K17068

Symptoms

Switch to SSL forward proxy bypass does not abort all of the modules between SSL and TCP-PROXY, which might result in an unexpected TMM crash.

Impact

Calling 'HTTP::disable' on different events may cause TMM to crash.

Conditions

SSL forward proxy bypasses traffic and HTTP::disable is called on various events.

Workaround

Disable HTTP profile in SERVER_CONNECTED: when SERVER_CONNECTED { HTTP::disable }

Fix Information

SSL forward proxy now supports policy based bypass. When it converts to bypass mode, SSL forward proxy automatically abort all modules/profiles in between TCP-PROXY and SSL. Calling HTTP::disable on events is not needed.

Behavior Change

When SSL forward proxy converts to bypass mode, it aborts all the modules between itself and tcp proxy. This includes abort the http module. Calling 'HTTP::disable' for SSL forward proxy bypass is not needed.