Bug ID 507419: Category Lookup by Subject.CN cannot be used in Per-Request policies for reverse proxy use.

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Feb 17, 2015

Severity: 3-Major

Symptoms

Use of Category Lookup by Subject.CN in a reverse proxy configuration will result in a connection reset.

Impact

Category Lookup by Subject.CN cannot be used in per-request policies for reverse proxy use. This will require SSL profiles with SSL forward proxy deployed for correct operation.

Conditions

Category Lookup by Subject.CN requires the configuration of SSL forward proxy. Without this in place, the Subject.CN cannot be retrieved for use with Category Lookup.

Workaround

To work around the problem, you can use Category Lookup by SNI for equivalent functionality.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips