Forum Discussion

MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Feb 09, 2016

HTTP Headers - HTTP Compliance Failed

GET /xy/login.html?lang=ar HTTP/1.1 Host: www.abcdef.com Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Linux; Androi...
ASM Advanced WAF
security
waf
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 10, 2016

Hi MSZ,

It may be required by your application, but only the developer of the application knows for sure. For further reading on the purpose of the X-Wap-Profile header see...

https://en.wikipedia.org/wiki/UAProf

But the header should have at least a value to become RFC conform. You could now either allow non empty headers in ASM, or use an iRule to remove every empty instance of "X-Wap-Profile" before passing the request to ASM.

when HTTP_REQUEST {
    if { [HTTP::header value "X-Wap-Profile"] eq "" } then {
        HTTP::header remove "X-Wap-Profile"
    }
}

Cheers, Kai