Bug ID 678976: Do not print all HTTP headers to avoid printing user credentials to /var/log/apm.

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3.1, 11.6.3, 11.5.6

Opened: Aug 17, 2017

Severity: 3-Major

Related Article: K24756214

Symptoms

VDI debug logs print user credentials to /var/log/apm.

Impact

User credentials are written to /var/log/apm.

Conditions

VDI debug logs are enabled and VDI functionality is used on the virtual server.

Workaround

Set VDI debug level to Notice.

Fix Information

The system no longer prints user credentials to VDI debug logs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips