Bug ID 552498: APMD basic authentication cookie domains are not processed correctly

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.2.1, 11.4.1, 11.6.0

Fixed In:
12.1.0, 11.6.1, 11.5.4 HF2, 11.4.1 HF10

Opened: Oct 14, 2015

Severity: 3-Major

Symptoms

401 responses containing Set-Cookie headers might not be processed correctly. Domains that begin with a dot will be truncated and the cookies will not be sent to pool members.

Impact

Cookies assigned during the authentication handshake might not be sent to pool members.

Conditions

An access policy needs to use Basic or NTLM authentication and one or more of the 401 responses must contain Set-Cookie headers. If a domain is specified and the domain begins with a dot, it will not be processed correctly.

Workaround

An iRule can be used to process the 401 responses and remove any leading dots from domain fields of Set-Cookie headers.

Fix Information

Domain fields in Set-Cookie headers found in 401 responses are processed correctly.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips