Bug ID 914061: BIG-IP may reject a POST request if it comes first and exceeds the initial window size

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,, 16.0.0,, 16.0.1,,

Fixed In:

Opened: Jun 03, 2020
Severity: 3-Major


HTTP/2 protocol allows a negative flow-control window on initial stage of communication while first 65,535 bytes of payload are delivered from a peer. BIG-IP may break this requirement.


BIG-IP denies the POST request and sends RST_STREAM.


-- BIG-IP has a virtual server with http2 profile. -- A configured receive window size in the http2 profile is below 64K (default 32K). -- A peer sends POST request with payload exceeding initial receive window size over HTTP/2 connection.



Fix Information

BIG-IP allows a negative flow-control window on initial request allowing a peer to fill all 65,535 bytes of flow-control window even if it exceeds an advertised receive window size.

Behavior Change

For an HTTP/2 client or a server BIG-IP may impose a delay up to 20 seconds if a peer sends 65,535 bytes of payload over a single stream and does not respond timely with SETTINGS/ACK frame to a SETTINGS frame sent by BIG-IP.