Bug ID 517245: A request that should be blocked was forwarded to the server

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Apr 09, 2015

Severity: 3-Major

Symptoms

A request that should be blocked is forwarded to to the server.

Impact

In case the request should have been blocked, it will arrive to the server.

Conditions

The following conditions - 1. The "do nothing" header content profile on the request URL OR the request is longer than the max buffer size. while the exceed buffer length violation is turned off. (both cases causes an ignore payload state). 2. An irule or session tracking is assigned on the virual server.

Workaround

N/A

Fix Information

We fixed a scenario where a request that should have been blocked still reached the server.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips