Bug ID 924857: Logout URL with parameters resets TCP connection

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 16.0.0,, 16.0.1,

Fixed In:
16.1.0,, 15.1.2,

Opened: Jul 07, 2020

Severity: 3-Major


TCP connection reset when 'Logout URI Include' configured.


TCP connection resets, reporting BIG-IP APM error messages. 'Logout URI Include' does not support custom query strings in logout URIs to include. For example, with a 'Logout URI Include' value of /logoff.html, if a user-agent sends a logout URI request in the form of /logoff.html?a=b, logout URI validation resets the connection and reports an error: -- Access encountered error: ERR_ARG. File: ../modules/hudfilter/access/access.c, Function: access_check_uri_type. Note: BIG-IP APM prohibits the configuration of 'Logout URI Include' from containing a query string on the BIG-IP system. For example, attempting to configure 'Logout URI Include' with a URI in the form of /logoff.html?a=b fails and displays error messages: -- Configuration error: Configured URI (/logoff.html?a=b) is not allowed to contain query parameter.


-- Access Policy with a valid 'Logout URI Include' string, e.g.: /logoff.html -- Request to 'Logout URI Include' URI from user-agent that includes a query parameter string, e.g.: /logoff.html?a=b



Fix Information

The system now ignores unsupported query parameters.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips