Forum Discussion
dburnett_103851
Nimbostratus
Dec 10, 2008
9.4.5 upgrade and HTTP Protocol Compliance
We currently have F5 Big IPs within a 'live' website environment and a 'pre-live' environment.
We have recently upgraded our pre-live environment from 9.4.3 to 9.4.5.
All...
dburnett_103851
Nimbostratus
Dec 16, 2008
I've checked out our character set settings.
Whilst we have the carriage return and line feed characters disallowed at a global level, we have a wildcard parameter of * which has both of them set as allowed, plus also a couple of other parameters such as a comments field, which has them allowed.
For information, the * wildcard had to be put in due to the number of dynamic parameters that are created by our web application.
Don't know if you can answer this or not, but if we were to turn off the HTTP protocol compliance feature in order to rely on the character set restrictions (and the attack signatures), is the * wildcard parameter opening us up to HTTP Response Split attacks?
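The configuration described in this post, as an added example that is not part of the original post and is not F5 ASM code: a Python model that audits which request parameters may carry CR/LF under that policy, and how the result changes when the wildcard allowance is removed. The precedence used (explicit parameter, then `*`, then global), the parameter name `dyn_8841` and the sample query strings are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

CR, LF = "\r", "\n"

# Constructed policy modelled on the post: CR/LF disallowed globally,
# but allowed on the "*" wildcard and on a "comments" parameter.
GLOBAL_ALLOWS_CRLF = False
PARAM_ALLOWS_CRLF = {"*": True, "comments": True}


def crlf_allowed(name, overrides=PARAM_ALLOWS_CRLF):
    """Assumed precedence: explicit parameter, then wildcard, then global."""
    if name in overrides:
        return overrides[name]
    if "*" in overrides:
        return overrides["*"]
    return GLOBAL_ALLOWS_CRLF


def audit(query, overrides=PARAM_ALLOWS_CRLF):
    """Return (name, verdict) for each parameter whose decoded value has CR or LF."""
    findings = []
    # parse_qsl percent-decodes, so %0d%0a is inspected as real CR/LF bytes.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if CR in value or LF in value:
            verdict = "passes" if crlf_allowed(name, overrides) else "blocked"
            findings.append((name, verdict))
    return findings


# Constructed sample query strings.
SAMPLES = [
    "comments=line1%0D%0Aline2",  # multi-line comment field, intended use
    "dyn_8841=abc%0d%0adef",      # dynamic parameter, matched only by "*"
    "page=2&sort=asc",            # no CR/LF present
]

if __name__ == "__main__":
    for q in SAMPLES:
        print("as posted :", q, "->", audit(q))
    # Same traffic with the wildcard's CR/LF allowance removed.
    tightened = {"comments": True}
    for q in SAMPLES:
        print("tightened :", q, "->", audit(q, tightened))
```

In this model every dynamic parameter inherits the wildcard's CR/LF allowance, while removing it from `*` leaves only the explicitly listed `comments` field able to carry line breaks.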
