Symptoms
An HTTP Security profile can be created and enabled within Advanced Firewall Manager's Protocol Security options. The HTTP Security profile contains various protocol checks that can be enabled or disabled individually to customize the security checks. When the "Unparsable request content" check is selected, BIG-IP incorrectly reports HTTP POST requests with Content-Length: 0 as not allowed, on the assumption that these requests are unparsable. POST requests with Content-Length: 0 can still be checked by enabling the "POST request with Content-Length: 0" option in the same profile.
Impact
The check for POST requests with Content-Length: 0 cannot be disabled separately from the general "Unparsable request content" check.
Conditions
-- HTTP Protocol Security Profile configured with the "Unparsable request content" check.
-- Client sends an HTTP POST request with Content-Length: 0.
Fix Information
POST requests containing a Content-Length: 0 header are no longer considered "Unparsable Request Content" violations and are no longer incorrectly reported as such.
Behavior Change
POST requests containing a Content-Length: 0 header are no longer considered "Unparsable Request Content" violations within the AFM HTTP protocol security profile.
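
The separation described under Fix Information can be modelled as two independent checks. This is an added example, not F5 code: the parser, the function names and the sample requests are constructed for illustration, and the check names are taken from the profile options quoted above.

```python
# Simplified model of the fixed behaviour: each check is evaluated on its own.
# Illustration only; not BIG-IP's implementation. All names are hypothetical.

UNPARSABLE = "Unparsable request content"
POST_CL0 = "POST request with Content-Length: 0"


def parse_request(raw: bytes):
    """Return (method, headers); raise ValueError if the request is malformed."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("bad header line")
        headers[name.lower()] = value.strip()
    cl = headers.get("content-length")
    if cl is not None and not (cl.isascii() and cl.isdigit()):
        raise ValueError("non-numeric Content-Length")
    return parts[0], headers


def violations(raw: bytes, enabled: set) -> list:
    """Report only the enabled checks that the request actually trips."""
    try:
        method, headers = parse_request(raw)
    except ValueError:
        return [UNPARSABLE] if UNPARSABLE in enabled else []
    found = []
    # A zero-length POST parses cleanly, so it can only trip its own check.
    if POST_CL0 in enabled and method == "POST" \
            and int(headers.get("content-length", "-1")) == 0:
        found.append(POST_CL0)
    return found


# Constructed sample requests (app.example is a placeholder host).
EMPTY_POST = b"POST /submit HTTP/1.1\r\nHost: app.example\r\nContent-Length: 0\r\n\r\n"
GARBLED = b"POST /submit\r\nHost app.example\r\n\r\n"
```

With only the "Unparsable request content" check enabled, `violations(EMPTY_POST, {UNPARSABLE})` returns an empty list, while `GARBLED` is still reported as unparsable.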