Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Apr 12, 2023

Does AWS Managed Ruled support HTTP header injection?

If an HTTP header with a newline code inserted is sent, can AWS Managed Rule detect and prevent it?

If so, which AWS Managed Rules are included?

application delivery

F5 Rules for AWS WAF

buulam
Admin
Apr 13, 2023
Hi Kazuto I'll route this to the PM for the AWS Managed Rules and find out
Joel_Cohen
Employee
Apr 25, 2023
Hi Kazuto,

The F5 Rules for AWS WAF - Web exploits OWASP Rules has rules for blocking different HTTP Header Injections. Depending on the HTTP request and how AWS parses and handles it for inspection, the rules in place should block injections in HTTP headers. If you find that something is not blocked as expected, please share with us a sample request and we will check into it further

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming