Depending on LTM version, the monitoring daemon, bigd, will automatically append one or two \r\n's to the send string before making the request to the pool member. This is described in SOL:
SOL10655: Change in Behavior: CR/LF characters appended to the HTTP monitor Send string
https://support.f5.com/kb/en-us/solutions/public/10000/600/sol10655.html
In BIG-IP versions
9.4.x, 9.6.x, 10.0.x, and 10.1.x, the BIG-IP system automatically appends two CR/LF character sets to the HTTP monitor Send string. This was an intentional change meant to simplify the configuration of HTTP GET request monitors. However, as a result of this change, a POST request that includes a message body is sent with an extra trailing CR/LF character set, in violation of the HTTP 1.1 specification in RFC2616.
Note: The HTTP specification requires an extra empty line (double CR/LF) after the headers, therefore terminating a typical GET request with the double CR/LF sequence results in a well-formed request. However, RFC2616 specifically prohibits a POST request from including extra CR/LF characters:
Certain buggy HTTP/1.0 client implementations generate extra CRLF's after a POST request. To restate what is explicitly forbidden by the BNF, an HTTP/1.1 client MUST NOT preface or follow a request with an extra CRLF.
In BIG-IP version 10.2.x, the BIG-IP system no longer automatically appends any CR/LF character set to the HTTP monitor Send string. This was an intentional change to accommodate custom monitors such as those which use the Send string to send a POST request with a message body.
Aaron