ASM: Apostroph (0x27) char in header value

Question

Hi,we see HTTP requests comming in where the User-Agent header ist delimited by an apostroph (0x27 ASCII). The ASM flags this as a violation and suggests me to allow that char.As far as I unterstand RFC7230 sec 3.2.6 this char is NOT allowed as delimiter, but as contents (tchar).Am I correct? Should I ignore the ASM suggestion?Michael

juergen_mang · Answer

It depends on:

if you want to allow the client, you must disable this protection
else ignore the suggestion

There are some browsers, mostly from smartphones, that violates the rfc's and sends non-ascii characters in headers.

mohamed_ahmed_kansoh · Answer

Hi&nbsp;misch43&nbsp;,&nbsp;I recommend to ask server developer.&nbsp;Take some samples from F5 Violated requests " Contains Apostroph " to Backend server developer to review it with him to take the proper action against this violation , if you should allow or Block it.

Forum Discussion

ASM: Apostroph (0x27) char in header value

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Strict header Insertion

(HTTP) Redirection via Arbitrary Host Header

Log Http Headers

F5 XC Distributed Cloud HTTP Header/Cookie manipulations and using the client ip/user headers

Security Headers Insertion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS