Bug ID 757360: Category lookup returns wrong category on subsequent traffic following initial HTTP CONNECT traffic through SSLO

Last Modified: Jul 18, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5

Fixed In:
15.0.0, 14.1.0.6

Opened: Feb 01, 2019
Severity: 3-Major

Symptoms

Category lookup returns the wrong category on subsequent traffic following initial HTTP CONNECT traffic through F5 SSL Orchestrator (SSLO).

Impact

Category Match is not performed on subsequent requests, resulting in fallback branch to be taken.

Conditions

-- Outbound deployment configured in SSLO, where SSLO behaves as a transparent proxy. -- A policy has a branch to lookup category using HTTP Connect. -- An HTTPS client generates HTTPS traffic via an explicit proxy on the local network with a private address through SSLO as the gateway.

Workaround

None.

Fix Information

Category lookup now works correctly in this scenario.

Behavior Change