Bug ID 985433: Insertion of the X-Forwarded-For HTTP header can fail, causing the client's connection to be reset.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0, 15.1.4.1

Opened: Jan 20, 2021

Severity: 3-Major

Symptoms

Some client connections are being reset with rst-cause 'Unknown reason'.

Impact

Affected client connections are reset, leading to application failures.

Conditions

--- Standard virtual server with the TCP and HTTP profiles. --- The HTTP profile is configured to insert the X-Forwarded-For header. --- The client supplies an empty X-Forwarded-For header in the HTTP request.

Workaround

You can work around this issue by disabling the header insertion in the HTTP profile and instead using an iRule similar to the following example: when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [IP::remote_addr] }

Fix Information

Insertion of the X-Forwarded-For header now works as expected, regardless of input client data.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips