Forum Discussion
Nav_126513
Feb 22, 2018Nimbostratus
13.1.0.3 has been released yesterday. In the list of known issues in the release notes:
703191-2 2-Critical HTTP2 requests may contain invalid headers when sent to servers
Details of the issue in the release notes:
703191-2 : HTTP2 requests may contain invalid headers when sent to servers
Component: Local Traffic Manager
Symptoms:
HTTP requests handled by an HTTP/2 virtual server may have blank header names when proxied through to the server or when handled via iRules.
Conditions:
-- Virtual server has the HTTP/2 profile assigned.
-- Client and the BIG-IP system negotiate/use HTTP/2.
Impact:
HTTP/2 applications may generate CSRF-related errors. Alternately, the server may return intermittent (and from the client's perspective, spurious) 400 Bad Request responses.
Workaround:
There is no workaround other than to remove the HTTP/2 profile from the virtual server.