For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Aug 05, 2018

Body in GET or HEAD Rquest

Why the following request is as HTTP Protocol Compliance Failed: Body in GET or HEAD   GET /xyzweb/maintenancePage/maintenance.html HTTP/1.1 Accept: / Content-Type: text/plain;charset=UTF-8 X-TS-A...
ASM Advanced WAF
BIG-IP
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Aug 06, 2018

You didn't copy-paste the full request here. I suspect that there is an additional line break character or some other extra characters in this GET after the header which is being treated like a body.

 

The User-Agent looks a bit suspicions as well - who uses IE10 on Windows 8 these days??? Microsoft stopped supporting IE10 in February 2016... So this might actually be an attack - looks like it is hitting your maintenance page, so this might give you a clue