Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Opened: Dec 15, 2016 Severity: 4-Minor
When using an "ACCESS::session create" in an iRule event that fires on events prior to the HTTP filter, the command will not create the uimode session variable. The ACCESS filter requires the uimode to be present, so the end-user will receive a reset and see log messages in /var/log/apm: Dec 13 15:47:24 slot3/jimvicg2mgmt err tmm2[27655]: 01490514:3: (null):Common:00000000: Access encountered error: ERR_VAL. File: ../modules/hudfilter/access/access.c, Function: access_process_state_client_enforce_session, Line: 6867 Dec 13 15:47:24 slot3/jimvicg2mgmt err tmm2[27655]: 01490514:3: (null):Common:00000000: Access encountered error: ERR_VAL. File: ../modules/hudfilter/access/access.c, Function: hud_access_handler, Line: 2628
End-users receive resets.
An iRule that creates an access session prior to HTTP. For example: when CLIENT_ACCEPTED { if { [ACCESS::session exists] } { log local0. "Found Access Session" } else { ACCESS::session create } }
Set the "session.ui.mode" session variable to "0" when creating the session: when CLIENT_ACCEPTED { if { [ACCESS::session exists] } { log local0. "Found Access Session" } else { ACCESS::session create ACCESS::session data set session.ui.mode "0" } }
None