Last Modified: Sep 14, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6
Opened: Aug 11, 2017 Severity: 3-Major
Prior to BIG-IP v12.1.0, LTM Policy implicitly allowed certain fields to contain Tcl expressions, which would be evaluated and used at runtime. Version 12.1.0 expanded the number of LTM Policy action fields that allow Tcl expressions, and also added the restriction that these fields must begin with the 4-character prefix tcl: to differentiate between a Tcl runtime expansion and a simple text string.
The migration process, which should find this situation and automatically correct it, can miss in certain cases, leaving a configuration that may fail validation and not load.
Pre-v12.1.0 LTM Policy containing an action that has a Tcl expression in one of the following actions, and does not begin with 'tcl:' prefix http-uri - value - path - query string or http-reply - location
Edit configuration file, manually add the 'tcl:' (without the quotes) prefix for the following actions: http-uri plus value/path/query http-reply plus location
None