Forum Discussion
Invalid Content-Length header caused Big-IP to terminate connection?
- Nov 06, 2024
telnet 192.168.1.1 80
Trying 192.168.1.1...
Connected to 10.125.245.56.
Escape character is '^]'.
GET / HTTP/1.1
Host: test
Content-Length: abc
Connection closed by foreign host.Same behavior in my environment. From which version do you upgrade?
I think this behavior change was introduced with this bug fix:
http://cdn.f5.com/product/bugtracker/ID1354253.html
Yes I know invalid Content-Length headers are not ok, but clients should not be punished for it imo. And GET should not have Content-Length anyway, but then the Big-IP should just ignore it, right?
Validating headers is essential for security, but it is bad that there is no logging entry.
telnet 192.168.1.1 80
Trying 192.168.1.1...
Connected to 10.125.245.56.
Escape character is '^]'.
GET / HTTP/1.1
Host: test
Content-Length: abc
Connection closed by foreign host.
Same behavior in my environment. From which version do you upgrade?
I think this behavior change was introduced with this bug fix:
http://cdn.f5.com/product/bugtracker/ID1354253.html
Yes I know invalid Content-Length headers are not ok, but clients should not be punished for it imo. And GET should not have Content-Length anyway, but then the Big-IP should just ignore it, right?
Validating headers is essential for security, but it is bad that there is no logging entry.
I think you are correct, this will be the cause probably. The article says it was fixed in 17.1.1, the version I'm coming from. So normally I should have already experienced the problem before, but I know these version are sometimes not 100% correct. But I was running engineering hotfixes on 17.1.1 for unrelated problems.
I might contact F5 to see if there is a possibility to log this.
Thanks.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com