Bug ID 667076: WebSocket URLs over SSL don't match when differentiate HTTP/HTTPS is disabled

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: May 30, 2017
Severity: 3-Major
Related AskF5 Article:


A WebSocket URL is not detected as such in the switch-protocol request.


Over the SSL connection the request URL is not detected as '/wss' but as the wildcard URL. Over the non-SSL connection the request will be detected as '/wss' the WebSocket URL.


-- ASM policy with 'Differentiate between HTTP/WS and HTTPS/WSS URLs' disabled. -- Explicit WebSocket URLs, '/wss' configured. -- The ASM policy is attached to both a non-SSL virtual server and an SSL virtual server. -- Requests arrives, one from the SSL connection and one from the non-SSL connection.


Enable 'Differentiate between HTTP/WS and HTTPS/WSS URLs'.

Fix Information

A WebSocket URL is now detected as such in the switch-protocol request.

Behavior Change