Bug ID 498524: [Portal Access] Server-side URL parser interprets &# in URL as HTML entity in any case

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: Dec 25, 2014
Severity: 4-Minor


URL may contain a character sequence, &# (ampersand, pound) that is not a part of HTML entity, for instance: http://example.com/some/path?query&#fragment In this example, &# is not a beginning of a valid HTML entity and should be left untouched at rewriting.


URL with &# inside may not be rewritten.


URL containing a &# character sequence that is not a part of HTML entity.


Use an iRule with two steps: - Modifies the original URL to let it be rewritten. - Modifies the rewritten URL to revert changes made by 1st step, as shown in the following example: a) Original URL: http://example.com/path?aa=bb&#fragment. b) URL after 1st step of iRule: http://example.com/path?aa=bb&@F5_@#fragment. c) Rewritten URL before 2nd step of iRule: https://bigip.system.name.com/f5-w-687474703a2f2f6578616d706c652e636f6d$$/path?aa=bb&F5CH=I@F5_@#fragment. d) URI corrected by 2nd step of iRule: https://bigip.system.name.com/f5-w-687474703a2f2f6578616d706c652e636f6d$$/path?aa=bb&F5CH=I#fragment. In other words, the second step removes insertions made by the first step.

Fix Information

Now, a URL containing &# character sequences are rewritten correctly, even if the &# fragment does not belong to a valid HTML entity.

Behavior Change