Forum Discussion
Aurel
Cirrus
Feb 12, 2019
Content-Type header in body
Hello guys,
I have an application that does not behave in a really RFC-compliant way, crafting requests with the Content-Type header after a CRLF. The request is a multipart/form-data.
ASM is then considering thi...
samstep
Cirrocumulus
Mar 04, 2019
RFC violation is pretty serious and the risks are quite high - just Google for "CRLF Injection" to see the dangers of such attacks.
You should really speak to the application developers to get them to fix this and remove the CRLF injection vulnerability. If fixing the application code is not possible, then you need to very carefully consider the exception - you might need to do it with an iRule and only allow the exception from a trusted IP address rather than the whole Internet.
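An added example (not from the thread and not F5 code) of the narrow exception suggested above: it flags a multipart/form-data part whose Content-Type line landed in the part body, and tolerates it only from a trusted source range. The misplacement layout, the 192.0.2.0/24 range, the function names and the sample bodies are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed for illustration: trusted range and sample bodies are constructed.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
CT_LINE = re.compile(rb"content-type[ \t]*:", re.IGNORECASE)
BOUNDARY = "XyZ"
GOOD = (b'--XyZ\r\nContent-Disposition: form-data; name="f"; filename="a.txt"\r\n'
        b"Content-Type: text/plain\r\n\r\nhello\r\n--XyZ--\r\n")
BAD = (b'--XyZ\r\nContent-Disposition: form-data; name="n"\r\n\r\nv\r\n'
       b'--XyZ\r\nContent-Disposition: form-data; name="f"; filename="a.txt"\r\n'
       b"\r\nContent-Type: text/plain\r\n\r\nhello\r\n--XyZ--\r\n")


def misplaced_content_type(body: bytes, boundary: str) -> list[int]:
    """Indexes of parts whose content begins with a Content-Type line,
    i.e. the header was pushed past the blank line that ends the part headers.
    Heuristic: an uploaded file that really starts with such a line also matches."""
    flagged = []
    parts = body.split(b"--" + boundary.encode())[1:]  # drop the preamble
    for idx, part in enumerate(parts):
        if part.startswith(b"--"):          # closing delimiter "--boundary--"
            break
        if part.startswith(b"\r\n"):        # CRLF that ends the delimiter line
            part = part[2:]
        if part.startswith(b"\r\n"):        # blank line first: no headers at all
            content = part[2:]
        else:
            _, _, content = part.partition(b"\r\n\r\n")
        if CT_LINE.match(content.split(b"\r\n", 1)[0]):
            flagged.append(idx)
    return flagged


def decide(client_ip: str, body: bytes, boundary: str) -> str:
    """Allow clean requests; tolerate the malformed layout only from trusted sources."""
    if not misplaced_content_type(body, boundary):
        return "allow"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return "allow-exception"            # still worth logging for review
    return "block"


if __name__ == "__main__":
    for src in ("192.0.2.10", "203.0.113.5"):
        print(src, decide(src, BAD, BOUNDARY), decide(src, GOOD, BOUNDARY))
```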
