OPERATIONAL DEFECT DATABASE
...
...
Per-request policy L7 Protocol lookup agent does not detect 'http-connect' protocol in the visual policy editor for APM/SWG use cases
Per-request policy L7 Protocol lookup agent classifies HTTP Connect request as 'http' instead of 'http-connect'.
-- APM/SWG is licensed and provisioned. -- L7 Protocol Lookup agent is added in per-req policy to classify 'http-connect' protocol. -- User sends explicit traffic through BIG-IP.
Following custom iRule can be attached to virtual server to detect 'http-connect' protocol in VPE. when CLIENT_ACCEPTED { set ptcl "" TCP::collect } when CLIENT_DATA { set tcplen [TCP::payload length] set said [TCP::payload] if { $tcplen >= 8 } { #at least 8 bytes are required for http traffic to find the http method. if {$ptcl eq ""} { set ptcl [call detect_l7_ptcl $ptcl $said $tcplen] } #Release collected data TCP::release } } when L7CHECK_CLIENT_DATA { if { $ptcl eq "http-connect" } { L7CHECK::protocol set "http-connect" } } proc detect_l7_ptcl {ptcl data len} { if {[regexp {^([A-Z]+) (?:/|https?://|[A-Za-z\d-]{1,63}[.]|\[[a-fA-F\d:]+\]|(?:[*]\x20))} $data junk method]} { if { $method eq "CONNECT" } { return "http-connect" } } }
None
Click on a version to see all relevant bugs
F5 Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
