Bug ID 703191: HTTP2 requests may contain invalid headers when sent to servers

Last Modified: Oct 07, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:

Fixed In:
14.1.0, 14.0.0,

Opened: Jan 23, 2018

Severity: 2-Critical


HTTP requests handled by an HTTP/2 virtual server may have blank header names when proxied through to the server or when handled via iRules.


HTTP/2 applications may generate CSRF-related errors. Alternately, the server may return intermittent (and from the client's perspective, spurious) 400 Bad Request responses.


-- Virtual server has the HTTP/2 profile assigned. -- Client and the BIG-IP system negotiate/use HTTP/2.


There is no workaround other than to remove the HTTP/2 profile from the virtual server.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips