Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Apr 21, 2017 Severity: 3-Major Related Article:
K51990567
A virtual server that has the 'Verified Accept' TCP option enabled will fail to include persistence cookies in the first response on an HTTP connection.
BIG-IP behavior is inconsistent in use of persistence cookies, and may incorrectly load-balance subsequent requests from a client when the expectation is that those requests should have a persist cookie (except the BIG-IP never sent one).
Using cookie persistence when 'Verified Accept' is enabled in the TCP profile.
Apply an iRule such as this to a virtual server with Verified Accept configured: when HTTP_REQUEST { # Bypass verified-accept handling on first request and force a LB decision / persist lookup if { [HTTP::request_num] == 1 } { LB::detach } }
None