Forum Discussion

swapna_66665's avatar
Icon for Nimbostratus rankNimbostratus
Sep 22, 2011

How to prevent HTTP response splitting

Hi to All,



I have a URL which is working fine when access it with its domain name but cannot access with its IP address.




There is no issue with server.




when I append some strings to that URL like for example
 , it is showing some error messages which means HTTP header injection is prevented.




But when using same URL with its IP address like below




URL_IPaddress/main%0d%0a , it is redirecting to which causes HTTP header injection that should be prevented.




Does any one knows how to prevent this


HTTP response splitting::Header injection possible












2 Replies

  • kaefuh's avatar
    Icon for Nimbostratus rankNimbostratus
    what is violations information, if you could be share once.
  • Check HTTP Class for this Virtual Server - if it is enabled only for Host: then the requests with IP address instead of domain name are not going through ASM policy