Forum Discussion

Cirrus

May 23, 2017

Block Smuggling HTTP Request

Hello, I'm trying to detect smuggling Request, but all my solutions failed, i tried to disable Pipeline option @ HTTP Profile, also tried an old iRule to detect HTTP header counts but also didn't wor...

application delivery

http

iRules

Cumulonimbus

May 24, 2017

Wouldn't this fix the problem:

when HTTP_REQUEST {
    if { [ llength [HTTP::header values Content-Length] ] > 1 } {
        log local0. "Multiple content-length headers detected: [HTTP::header values Content-Length] : Request dropped"
        drop
    }
}

[Edited]

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)