Forum Discussion

stephen4f5's avatar
stephen4f5
Icon for Nimbostratus rankNimbostratus
Apr 17, 2024

Content type hearder charset=UTF-8

Hello friends,

  We have a requirement to have WAF should only allow charset=UTF-8 in the Content-Type header.  So curios does this cover by any rule in ASM policy or do we have to create a custom rule through iRule or other ?   Basically our objective to accept only ute-8 and reject rest of any.   Appreciate any inputs !!

  • Hi stephen4f5,

    Requests that do not contain charset=UTF-8 in the Content-Type header can be blocked with a custom attack signature.

  • Alternatively, you can also create LTM policy or iRule to reject the traffic which doesn't have that content-type header. 

  • i dont think utf8-only rules is included in asm built-in rules because utf8 cannot cover all aphabets in single code, e.g. each chinese alphabet needs 3 utf8 codes.
    so you need to set custom LTM/ASM filter for it