Bug ID 521711: HTTP closes connection if client sends non-keepalive request and server responds with 200 OK on One-Connect enabled virtual

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1

Fixed In:
12.0.0, 11.6.1 HF1, 11.5.4 HF2

Opened: May 06, 2015
Severity: 3-Major
Related AskF5 Article:
K14555354

Symptoms

If the client sends a non-keepalive CONNECT request (in HTTP 1.0 with no Connection header, in 1.1 with Connection: close) to a OneConnect-enabled virtual server, HTTP forces the connection closed by sending FIN on both client and server flows, even if the server responds with a 200. If the connect is successful, HTTP should leave flows open regardless of the HTTP headers.

Impact

HTTP adds a Connection: close header when responding to the client after a successful response is received from the server. In addition, HTTP closes the connection by sending FIN on both client and server flows. If the server responds to the CONNECT request with 200 OK, the connection should remain open.

Conditions

- HTTP and OneConnect profiles are attached to the virtual server. - Client sends a non-keepalive CONNECT request (either 1.0/no-Connection-Header request or 1.1/'Connection: close' header. - Server responds to the CONNECT request with successful 200 OK.

Workaround

You can use the following iRule to work around this issue: when HTTP_REQUEST { if { [HTTP::method] eq "CONNECT" } { HTTP::disable } }

Fix Information

HTTP now keeps the connection open if client sends a non-keepalive request and server responds with 200 OK on One-Connect enabled virtual. This is correct behavior.

Behavior Change