Bug ID 644041: HTTP response-headers-permitted profile option removes listed headers

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0

Fixed In:
13.0.0 HF1

Opened: Feb 09, 2017

Severity: 3-Major

Related Article: K51884304

Symptoms

The HTTP response-headers-permitted option should remove headers, but not the ones listed. However, it currently will also remove the listed headers by mistake. This makes this profile option remove all HTTP headers, except for a hard-coded whitelist of headers.

Impact

Extra headers will be removed from HTTP responses.

Conditions

The HTTP response-headers-permitted profile option is used.

Workaround

None.

Fix Information

The HTTP response-headers-permitted profile option now works as designed again.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips