Bug ID 738197: IP address from XFF header is not taken into account when there are trailing spaces after IP address

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM, AVR(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2

Fixed In:
15.0.0, 13.1.1.5

Opened: Jul 25, 2018
Severity: 3-Major

Symptoms

X-FORWARDED-FOR (XFF) header is ignored by BIG-IP ASM even though usage of XFF is enabled in HTTP profile. In DoS statistics, the original source IP is reported (instead of one taken from XFF).

Impact

Source IP is not reported as expected in all BIG-IP reports.

Conditions

There are spaces after IP address in the XFF header.

Workaround

Configure the proxy server to not add trailing spaces after the IP address in the XFF header.

Fix Information

Trailing spaces are now ignored when extracting IP addresses from XFF headers in AVR.

Behavior Change