Bug ID 712362: ASM stalls WebSocket frames after legitimate websockets handshake with 101 status code, but without 'Switching Protocols' reason phrase

Last Modified: May 22, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 13.1.0.8, 12.1.3.6

Opened: Mar 28, 2018
Severity: 3-Major

Symptoms

When the WebSocket HTTP handshake response comes without 'Switching Protocols' reason phrase at the first line, the ASM does not follow up WebSocket frames on the WebSocket's connection. The system posts the following messages in /ts/log/bd.log: -- IO_PLUGIN|ERR |Mar 28 09:16:15.121|30539|websocket.c:0269|101 Switching Protocols HTTP status arrived, but the websocket hanshake failed. -- IO_PLUGIN|ERR |Mar 28 09:16:15.121|30539|websocket.c:0270|Possible reasons are websocket profile isn't assigned on a virtual server or handshake is illegal.

Impact

WebSocket frames stalls.

Conditions

-- ASM provisioned. -- ASM policy and WebSocket profile attached to a virtual server. -- WebSocket backend server sends 101 response without the 'Switching Protocols' phrase.

Workaround

#1 Change the backend server: Change WebSocket backend server to return 101 response to include the 'Switching Protocols' reason phrase: HTTP/1.1 101 Switching Protocols #2 Use an irRule: when SERVER_CONNECTED { TCP::collect 15 } when SERVER_DATA { if { [TCP::payload 15] contains "HTTP/1.1 101 \r\n" } { TCP::payload replace 0 12 "HTTP/1.1 101 Switching Protocols" } }

Fix Information

This release correctly handles 101 responses even without the 'Switching Protocols' reason phrase.

Behavior Change