Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Nov 27, 2023

Normalising URL's

Hi

I'm trying to upgrade to 16.1.4 from 16.1.3 seems like F5 have introduced automatic path normalisation. Seems to be around the usage of 302 for APM when it sends it to /my.policy

What do I mean.

The starting url

https://example/Base/second//third?a=1

Using https://datatracker.ietf.org/doc/html/rfc3986

Path is /Base/second//third?a=1

Notice it has // i there an empty path

Well it seems like in 16.1.4 F5 now normalises this automatically for you !!

so if you start like this

https://example/Base/second//third?a=1

302 ->

https://example/my.policy

302

https://example/Base/second/third?a=1

 

From my reading of the RFC the change from // to / is a MAY not a MUST

and that the 2 urls are equivilant

https://example/Base/second//third?a=1  ==  https://example/Base/second/third?a=1

Now not defending my developers - but they require the // they are not treating the RFC's properly - but F5 are not enforcing this.

Which I also find strange as they have PATH -normalise funcition to do this as well.

So now I am stuck I need to move off 16.1.3 because of a OAUTH memory leak issuse but can't go to 16.1.4 because it breaks other stuff.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • Hi AlexS_yb I'd get a case open to investigate. In the meantime, you could try re-inserting that second / in the HTTP_REQUEST_RELEASE event with an iRule.

    • AlexS_yb's avatar
      AlexS_yb
      Icon for Cirrocumulus rankCirrocumulus

      Hi

       

      Yeah already got a ticket open 🙂

      Yes I could but I have a few and its a pain i have to make this change especially as normalising a url is a MAY in the rfc and not a must.

      I would suggest that F5 are breacking RFC's by doing this 🙂