Operational Defect Database
BugZero found this defect 207 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1350717
When the client IP address changes immediately after the authentication to the Configuration Utility, HTTPD could enforce the source IP check even if 'auth-pam-validate-ip' is set to 'off'
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP LTM
BIG-IP TMOS
Affected releases:
16.1.0
16.1.1
16.1.2
16.1.2.1
16.1.2.2
16.1.3
16.1.3.1
16.1.3.2
16.1.3.3
16.1.3.4
16.1.3.5
16.1.4
Fixed releases:
No fixed releases provided.
Description:
Bug ID 1350717: When the client IP address changes immediately after the authentication to the Configuration Utility, HTTPD could enforce the source IP check even if 'auth-pam-validate-ip' is set to 'off' ... The sys httpd auth-pam-validate-ip setting is 'on' by default. ... This setting restricts each client session to a single source IP address: the session is terminated if the source IP of the client changes during the session. ... If browsers connect to the Configuration Utility through a proxy, their source IP addresses might change during a session: in this case you might want to set auth-pam-validate-ip to 'off' to avoid session termination when mod_auth_pam detects a client IP change for one of the existing sessions tokens (see https://my.f5.com/manage/s/article/K13048). ... When auth-pam-validate-ip is set to 'off', the setting does not work as expected if the client IP address of the browser changes immediately after the HTTP POST that authenticates the user into the Confi...
