Bug ID 539446: HTTP::proxy disable sometimes results in a mangled URI

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Opened: Aug 12, 2015

Severity: 3-Major

Related Article: K93085358

Symptoms

The use of HTTP::proxy disable for proxy chaining might result in a mangled URL.

Impact

Mangled URL that the backend proxy rejects.

Conditions

For each session, the very first request with the Proxy-Authorization header will get a RST, although the authentication is successful. That means that the request is not proxied to the backend proxy. Further requests are processed normally.

Workaround

Use a modified iRule to work around this issue: when HTTP_PROXY_REQUEST { log local0. "[HTTP::method] [HTTP::uri]" if {[HTTP::header exists Proxy-Authorization]} { log local0. "Proxy-Authorization found" set loc [expr [string first [HTTP::host] [HTTP::uri]] + [string length [HTTP::host]]] set uri [string range [HTTP::uri] $loc [string length [HTTP::uri]]] HTTP::uri $uri log local0. "modified URI: [HTTP::uri]" unset loc unset uri } HTTP::proxy disable #pool /Common/P_proxy }

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips