Bug ID 644041: HTTP response-headers-permitted profile option removes listed headers

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0

Fixed In:
13.0.0 HF1

Opened: Feb 09, 2017
Severity: 3-Major
Related AskF5 Article:
K51884304

Symptoms

The HTTP response-headers-permitted option should remove headers, but not the ones listed. However, it currently will also remove the listed headers by mistake. This makes this profile option remove all HTTP headers, except for a hard-coded whitelist of headers.

Impact

Extra headers will be removed from HTTP responses.

Conditions

The HTTP response-headers-permitted profile option is used.

Workaround

None.

Fix Information

The HTTP response-headers-permitted profile option now works as designed again.

Behavior Change