Bug ID 769853: Access Profile option to restrict connections from a single client IP is not honored for native RDP resources

Last Modified: Dec 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 15.0.0, 15.0.1

Fixed In:
15.1.0, 14.1.2.1, 14.0.1.1

Opened: Apr 06, 2019
Severity: 3-Major
Related AskF5 Article:
K24241590

Symptoms

When launching a native RDP resource (desktop/application) from APM Webtop, APM provides an RDP file to the browser and the browser invokes the native RDP client to launch the resource with the parameters specified in the RDP file. When Access profile option 'Restrict to Single Client IP' option is enabled, user should only be allowed to launch the resource from the client that initiated the request.

Impact

RDP file provided by APM can be used for launching the RDP resource on a client machine that did not initiate the APM session.

Conditions

-- APM Webtop is configured with native RDP resource. -- 'Restrict to Single Client IP' option is enabled in Access Profile.

Workaround

None.

Fix Information

When Access Profile option 'Restrict to Single Client IP' is enabled, APM restricts native RDP resource launch from the client that initiated the APM session.

Behavior Change