Bug ID 755047: Category lookup returns wrong category on CONNECT traffic through SSLO

Last Modified: Jul 18, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5

Fixed In:
15.0.0, 14.1.0.6

Opened: Jan 09, 2019
Severity: 3-Major

Symptoms

Category lookup returns wrong category on CONNECT traffic through F5 SSL Orchestrator (SSLO).

Impact

Category Match is not performed, resulting in fallback branch to be taken.

Conditions

-- Outbound deployment configured in SSLO, where SSLO behaves as a transparent proxy. -- A policy has a branch to lookup category using HTTP Connect. -- An HTTPS client generates HTTPS traffic via an explicit proxy on local network with private address through SSLO as the gateway.

Workaround

None

Fix Information

Category lookup now works correctly in this scenario.

Behavior Change