F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Gregory_Gerard_'s avatar
Gregory_Gerard_
Icon for Nimbostratus rankNimbostratus
Jun 08, 2008

Enforcing Content-Length and other preventive security measures

I've been challenged with an audit. I know the tool in question to be used and have read the docs and whitepapers (sorry, cannot reveal).     Things mentioned within them include:   1....
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 09, 2008
You could potentially handle some HTTP protocol validation in an iRule, but you'd probably need to parse the raw TCP (as opposed to using HTTP::commands) as you're looking for invalid HTTP or corner cases in the use of the protocol. If it's an option for you, the Application Security Manager (ASM) would provide much better validation of HTTP and add a lot more flexibility and ease than you could ever get to with an iRule. You can check with an F5 salesperson to get more information on the functionality ASM offers. I think you'll find it meets or exceeds what you're trying to achieve.

 

 

Aaron