For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Martin_Robbins's avatar
Martin_Robbins
Icon for Nimbostratus rankNimbostratus
Jul 23, 2014

Hi,

 

Thanks but that was "too late", the connection has been reset before it gets to a close statement.

 

I will share the basic version of the solution I am now using, basically allow if there is a valid session and force client connection close on all other types of requests ...

 

when HTTP_REQUEST {
    set f_apmdisable_close 0

    if { [HTTP::cookie exists MRHSession] and [ACCESS::session exists -state_allow -sid [HTTP::cookie value MRHSession]] }{ return
    } elseif { [HTTP::cookie exists MRHSession] }{ set f_apmdisable_close 1 }

    if { [HTTP::path] starts_with "/public/" }{
        WEBSSO::disable
        ACCESS::disable
        set f_apmdisable_close 1 }
}

when HTTP_REQUEST_SEND {
    clientside {
      if { $f_apmdisable_close }{
         if { [HTTP::header exists Connection] }{ HTTP::header remove Connection }
         HTTP::header insert Connection Close }   
    }
}

when HTTP_RESPONSE {
    if { $f_apmdisable_close }{
        if { [HTTP::header exists Connection] }{ HTTP::header remove Connection }
        HTTP::header insert Connection Close }
}

The case I opened has not provided any additional help but the code here at least stops the errors and client resets .. I am sure there are improvements to be had.