Operational Defect Database
BugZero found this defect 1067 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1026781
Standard HTTP monitor send strings have double CRLF appended
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP LTM
Affected releases:
11.6.0
11.6.1
11.6.2
11.6.3
11.6.3.1
11.6.3.2
11.6.3.3
11.6.3.4
11.6.4
11.6.5
11.6.5.1
11.6.5.2
Fixed releases:
No fixed releases provided.
Description:
Standard (bigd-based, not In-TMM) HTTP monitors have a double CRLF appended (\r\n\r\n) to the send string. ... This does not comply with RFC1945 section 5.1 which states requests must terminate with a single CRLF (\r\n). ... This non-compliant behavior can lead to unexpected results when probing servers. ... Impact ... Servers probed by these non-RFC-compliant HTTP monitors may respond in an unexpected manner, resulting in false negative or false positive monitor results. ... Conditions ... There are several workarounds: 1. ... If running 13.1.0 or later, switch monitoring from bigd-based to In-TMM. ... In-TMM monitors properly follow RFC1945 and will send only a single CRLF (\r\n) 2. ... Remain with bigd-based monitoring and configure probed servers to respond to double CRLF (\r\n\r\n) in a desired fashion Depending on server configuration, a customized send string, even with the double CRLF, may still yield expected responses. ... Fix Information
