Bug ID 985433: Insertion of the X-Forwarded-For HTTP header can fail, causing the client's connection to be reset.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0, 15.1.4.1

Opened: Jan 20, 2021
Severity: 3-Major

Symptoms

Some client connections are being reset with rst-cause 'Unknown reason'.

Impact

Affected client connections are reset, leading to application failures.

Conditions

--- Standard virtual server with the TCP and HTTP profiles. --- The HTTP profile is configured to insert the X-Forwarded-For header. --- The client supplies an empty X-Forwarded-For header in the HTTP request.

Workaround

You can work around this issue by disabling the header insertion in the HTTP profile and instead using an iRule similar to the following example: when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [IP::remote_addr] }

Fix Information

Insertion of the X-Forwarded-For header now works as expected, regardless of input client data.

Behavior Change