Forum Discussion

Nimbostratus

Jan 17, 2023

ASM: Apostroph (0x27) char in header value

Hi, we see HTTP requests comming in where the User-Agent header ist delimited by an apostroph (0x27 ASCII). The ASM flags this as a violation and suggests me to allow that char. As far as I unterst...

security

Juergen_Mang

MVP

Jan 17, 2023

It depends on:

if you want to allow the client, you must disable this protection
else ignore the suggestion

There are some browsers, mostly from smartphones, that violates the rfc's and sends non-ascii characters in headers.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM: Apostroph (0x27) char in header value

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

Strict header Insertion

(HTTP) Redirection via Arbitrary Host Header

Log Http Headers

F5 XC Distributed Cloud HTTP Header/Cookie manipulations and using the client ip/user headers

Security Headers Insertion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS