Forum Discussion
Vinne73
Cirrus
CirrusInvalid Content-Length header caused Big-IP to terminate connection?
Hi all, I updated our Big-IP cluster to 17.1.1.4 last monday, and now I have a strange problem. When doing a HTTP request to any VIP, using POST but just as well GET or ..., and specifying an invali...
telnet 192.168.1.1 80
Trying 192.168.1.1...
Connected to 10.125.245.56.
Escape character is '^]'.
GET / HTTP/1.1
Host: test
Content-Length: abc
Connection closed by foreign host.Same behavior in my environment. From which version do you upgrade?
I think this behavior change was introduced with this bug fix:
http://cdn.f5.com/product/bugtracker/ID1354253.html
Yes I know invalid Content-Length headers are not ok, but clients should not be punished for it imo. And GET should not have Content-Length anyway, but then the Big-IP should just ignore it, right?
Validating headers is essential for security, but it is bad that there is no logging entry.
Juergen_Mang
MVP
MVPtelnet 192.168.1.1 80
Trying 192.168.1.1...
Connected to 10.125.245.56.
Escape character is '^]'.
GET / HTTP/1.1
Host: test
Content-Length: abc
Connection closed by foreign host.
Same behavior in my environment. From which version do you upgrade?
I think this behavior change was introduced with this bug fix:
http://cdn.f5.com/product/bugtracker/ID1354253.html
Yes I know invalid Content-Length headers are not ok, but clients should not be punished for it imo. And GET should not have Content-Length anyway, but then the Big-IP should just ignore it, right?
Validating headers is essential for security, but it is bad that there is no logging entry.
Vinne73Cirrus
CirrusI think you are correct, this will be the cause probably. The article says it was fixed in 17.1.1, the version I'm coming from. So normally I should have already experienced the problem before, but I know these version are sometimes not 100% correct. But I was running engineering hotfixes on 17.1.1 for unrelated problems.
I might contact F5 to see if there is a possibility to log this.
Thanks.