Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Opened: May 31, 2019 Severity: 3-Major
When the HTTP profile is configured with the Rechunk setting, and the payload is compressed, the HTTP compression profile may refuse to decompress the content if, during decompression, the uncompressed payload size would exceed the defined threshold.
A connection is reset due to an error, and a response is not served.
-- A virtual server is configured with an HTTP profile, specifying the recheck setting for response-chunking. -- Profile http-compression is also attached to the virtual server. -- A server provides a compressed response with a 'Transfer-Encoding: gzip' header. -- The compressed ratio of the uncompressed-to-compressed payload size exceeds the predefined threshold.
Adjust threshold and maximum allowed size in MBytes to allow a rejected response to pass the BIG-IP system using DB variables: compression.zlibinflateratio.threshold compression.zlibbombsensitivity.sizemb
None