Forum Discussion
dburnett_103851
Nimbostratus
Dec 10, 2008
9.4.5 upgrade and HTTP Protocol Compliance
We currently have F5 Big IPs within a 'live' website environment and a 'pre-live' environment.
We have recently upgraded our pre-live environment from 9.4.3 to 9.4.5.
All...
hoolio
Cirrostratus
Dec 16, 2008
I think the main concern for HTTP response splitting is if the application uses any user-supplied content in response headers. It would be ideal if you could disable the CR and LF characters for all four global character sets and only allow them where required for specific parameters. If that's not an option, you could leave CR and LF enabled for the global parameter. But then you're potentially opening yourself up to an attack if the application is vulnerable.
Either way, if you have legitimate client requests where they set the Content-Length to 0, you would need to disable that check.
Aaron
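The policy described in the reply above (CR and LF blocked globally, allowed only for named parameters), sketched as an added example that is not part of the original thread and is not F5 ASM code. The function names, parameter names and sample query strings are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

CRLF = ("\r", "\n")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %250d%250a is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def crlf_violations(query_string, allow_crlf=frozenset()):
    """Return names of parameters carrying CR or LF that are not allow-listed."""
    violations = []
    # parse_qsl already percent-decodes once; fully_decode handles extra layers.
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        value = fully_decode(value)
        if any(c in value for c in CRLF) and name not in allow_crlf:
            violations.append(name)
    return violations

def safe_header(name, value):
    """Application-side backstop: refuse to emit a header value containing CR/LF."""
    if any(c in value for c in CRLF):
        raise ValueError(f"CR/LF in value for header {name!r}")
    return f"{name}: {value}\r\n"

# Constructed sample requests (hypothetical parameter names).
SAMPLE_REDIRECT = "next=/home%0d%0aX-Injected:%201"       # value later echoed in a header
SAMPLE_DOUBLE = "next=/home%250d%250aX-Injected:%201"     # same value, double-encoded
SAMPLE_COMMENT = "comment=line+one%0d%0aline+two&next=/home"  # multi-line text field

if __name__ == "__main__":
    for qs in (SAMPLE_REDIRECT, SAMPLE_DOUBLE, SAMPLE_COMMENT):
        print(qs, "->", crlf_violations(qs, allow_crlf={"comment"}))
```

With only `comment` allow-listed, the multi-line text field passes while the same characters in `next` are flagged, which is the trade-off the reply describes against leaving CR and LF enabled globally.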
