Forum Discussion
ASM: Apostroph (0x27) char in header value
Hi,
we see HTTP requests comming in where the User-Agent header ist delimited by an apostroph (0x27 ASCII). The ASM flags this as a violation and suggests me to allow that char.
As far as I unterstand RFC7230 sec 3.2.6 this char is NOT allowed as delimiter, but as contents (tchar).
Am I correct? Should I ignore the ASM suggestion?
Michael
It depends on:
- if you want to allow the client, you must disable this protection
- else ignore the suggestion
There are some browsers, mostly from smartphones, that violates the rfc's and sends non-ascii characters in headers.
Hi misch43 ,
I recommend to ask server developer.
Take some samples from F5 Violated requests " Contains Apostroph " to Backend server developer to review it with him to take the proper action against this violation , if you should allow or Block it.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com