Bug ID 457109: Traffic misclassified and matching wrong rule in CPM policy.

Last Modified: Dec 15, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1

Fixed In:
11.6.0, 11.5.4 HF2, 11.4.1 HF6

Opened: Apr 14, 2014
Severity: 3-Major
Related AskF5 Article:
K16711

Symptoms

Traffic matches the wrong rule in Centralized Policy Management (CPM) policy. User traffic is matching either uri or host headers to rules that should not match the header.

Impact

Misclassification and forwarding of traffic.

Conditions

This issue is caused by long list of hosts in certain rules resulting in wrong execution of statemachine due to wraparound in shifting.

Workaround

This issue has no workaround at this time.

Fix Information

A range check has now been added to correctly classify and forward traffic in the case of incorrect rules in CPM policies.

Behavior Change