Bug ID 667076: WebSocket URLs over SSL don't match when differentiate HTTP/HTTPS is disabled

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: May 30, 2017
Severity: 3-Major
Related AskF5 Article:
K92494571

Symptoms

A WebSocket URL is not detected as such in the switch-protocol request.

Impact

Over the SSL connection the request URL is not detected as '/wss' but as the wildcard URL. Over the non-SSL connection the request will be detected as '/wss' the WebSocket URL.

Conditions

-- ASM policy with 'Differentiate between HTTP/WS and HTTPS/WSS URLs' disabled. -- Explicit WebSocket URLs, '/wss' configured. -- The ASM policy is attached to both a non-SSL virtual server and an SSL virtual server. -- Requests arrives, one from the SSL connection and one from the non-SSL connection.

Workaround

Enable 'Differentiate between HTTP/WS and HTTPS/WSS URLs'.

Fix Information

A WebSocket URL is now detected as such in the switch-protocol request.

Behavior Change