Bug ID 816273: L7 Policies may execute CONTAINS operands incorrectly.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 15.0.0, 15.0.1

Fixed In:
15.1.0, 15.0.1.1, 14.1.2.3, 13.1.3.4

Opened: Aug 20, 2019

Severity: 1-Blocking

Symptoms

L7 Policies involving CONTAINS operands may execute incorrectly in some cases. The policy compiler may incorrectly combine some internal states, 'forgetting' degrees of partial evaluation of a CONTAINS operation.

Impact

The wrong policy actions may be triggered.

Conditions

Multiple CONTAINS conditions are used on the same virtual server.

Workaround

It may be possible to reorder the rules in a policy to restore correct operation. However, the more complex the policy, the less likely this is.

Fix Information

L7 Policy CONTAINS operations are compiled correctly. Policies with CONTAINS operations no longer trigger the wrong rule actions.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips