Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

The State Of HTTP/2 Full Proxy With F5 LTM

Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’. In this article, I will attempt to summarize the known challenges of an HTTP/2 full proxy setup, point ou...
Updated Mar 10, 2026
Version 9.0
application delivery
svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Dec 08, 2025

Hey Juergen,

thanks for this great article! 👍

You can add https://cdn.f5.com/product/bugtracker/ID1196505.html (see https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-17-5-1-3.html#A1196505-2) to the list of known issues as well, which makes Full-Stack HTTP/2 almost unusable in many environments. 😒

Hit me today and feels like a little snitch: Reset on the server-side, without releasing the request on the client-side. ASM logs even report the response status code. 😵

 

Greetings,

Sven

 

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Dec 08, 2025

    F5 needs to work on AWAF with HTTP/2 for 21.x hopefully as  https://my.f5.com/s/article/K000135679 gRPC is also not supported on HTTP/2 but Nginx App Protect WAF that is again the bd process as BIG-IP AWAF supports it and I find that strange.

  • Juergen_Mang's avatar
    Juergen_Mang
    Icon for MVP rankMVP
    Dec 09, 2025

    Hi Sven,

    I discovered this Bug already in the combination with the ASM::unblock in iRules.

    The known issues list is terrifying long...

    • svs's avatar
      svs
      Icon for Cirrostratus rankCirrostratus
      Dec 09, 2025

      Ah...sorry. I've overseen this reference. But at least I found it outside of iRules. 😄

      However, I hardly ever see F5 LTM setups with HTTP/2 full proxy configured.

      Maybe because of the terrifying long list of known issues or bad experience 😉. I've never had good results with HTTP/2, neither measurable nor felt. Either because of buggy HTTP/2 configuration in the backend or because of the perceived lack of support on the BIG-IP or known issues...

      • Juergen_Mang's avatar
        Juergen_Mang
        Icon for MVP rankMVP
        Dec 09, 2025

        Ah...sorry. I've overseen this reference. But at least I found it outside of iRules.

        This makes it even worse.

        I hope this article will encourage F5 to prioritize addressing the issues with HTTP/2. In any case, I would prefer to see the known issues list worked through rather than new features being introduced.