Forum Discussion

Cirrus

May 23, 2017

Block Smuggling HTTP Request

Hello, I'm trying to detect smuggling Request, but all my solutions failed, i tried to disable Pipeline option @ HTTP Profile, also tried an old iRule to detect HTTP header counts but also didn't worked it seemsed the header count is "1", so appreciate if you have good idea to block these requests noting this behavior is changeable, below screen for request... shot:

Cumulonimbus

Wouldn't this fix the problem:

when HTTP_REQUEST {
    if { [ llength [HTTP::header values Content-Length] ] > 1 } {
        log local0. "Multiple content-length headers detected: [HTTP::header values Content-Length] : Request dropped"
        drop
    }
}

[Edited]

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Block Smuggling HTTP Request

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

Mitigating new HTTP Request Smuggling techniques with BIG-IP ASM

What is SMTP Smuggling and how can you deal with it?

Block requests by reverse DNS record

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

Block Referral Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS