For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vinne73's avatar
Vinne73
Icon for Cirrus rankCirrus
Nov 06, 2024
Solved

Invalid Content-Length header caused Big-IP to terminate connection?

Hi all, I updated our Big-IP cluster to 17.1.1.4 last monday, and now I have a strange problem. When doing a HTTP request to any VIP, using POST but just as well GET or ..., and specifying an invali...
application delivery
  • Juergen_Mang's avatar
    Juergen_Mang
    Nov 06, 2024

    telnet 192.168.1.1 80
    Trying 192.168.1.1...
    Connected to 10.125.245.56.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: test
    Content-Length: abc
    Connection closed by foreign host.

     

    Same behavior in my environment. From which version do you upgrade?

    I think this behavior change was introduced with this bug fix:

    http://cdn.f5.com/product/bugtracker/ID1354253.html

     

    Yes I know invalid Content-Length headers are not ok, but clients should not be punished for it imo. And GET should not have Content-Length anyway, but then the Big-IP should just ignore it, right?

    Validating headers is essential for security, but it is bad that there is no logging entry.

     

     

     

Aswin_mk's avatar
Aswin_mk
Icon for MVP rankMVP
Nov 06, 2024

Hi 

 

i have running on 17.1.1.3 and only faced issues in optimized profiles. if you have issues, please check the 17.1.1.4 release note to verify it or raise a support ticket immediately to know the issue and fix

 

BIG-IP 17.1.1.4 Fixes and Known Issues

 

BR
Aswin