Bug ID 881757: Unnecessary HTML response parsing and response payload is not compressed

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1

Fixed In:
16.1.0, 16.0.1.2, 15.1.1, 14.1.4.2

Opened: Feb 17, 2020
Severity: 3-Major

Symptoms

When either DoS Application Profile or Bot Defense profiles are used, or a complex LTM policy is used, the Accept-Encoding request header is removed by the BIG-IP system, which causes the backend server to respond with uncompressed payload. Second effect is that the Bot Defense Profile and L7 DoS profile are always, not conditionally, considered internally as a profile that modifies a body that satisfies HTTP profile chunking configuration 'sustain' (default mode) triggering client-side chunking. This causes a response in the server-side that is unchunked to be always chunked in client-side with the mode set to 'sustain'.

Impact

-- Response payload sent by the backend server is uncompressed. -- Performance impact caused by response parsing.

Conditions

One of these options: -- Bot Defense Profile is associated with the Virtual Server. -- DoS Profile is associated with the Virtual Server and has Application (L7) enabled. -- Policy is associated with the Virtual Server and has complex LTM Policy: multiple Policies, or additional rules.

Workaround

For version 15.1.0 and later, you can use the following workaround: Disable the option for modification of Referer header: tmsh modify sys db asm.inject_referrer_hook value false Note: Using this brings back the impact of ID792341 (see https://cdn.f5.com/product/bugtracker/ID792341.html). For versions earlier than 15.1.0, there is no workaround.

Fix Information

The system no longer removes the Accept-Encoding header and no longer parses response payload if not needed based on configuration.

Behavior Change