Forum Discussion

MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Feb 09, 2016

HTTP Headers - HTTP Compliance Failed

GET /xy/login.html?lang=ar HTTP/1.1 Host: www.abcdef.com Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Linux; Androi...
ASM Advanced WAF
security
waf
MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Feb 10, 2016

There must be a value for every Header for Compliance. We cannot remove check of blocking on Header Compliance. If we ignore this then, will it be harmful for application? Kindly suggest.

 

Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 10, 2016
It would strongly depend on your application. If the application is well designed then it would not be a problem for the application to receive empty http headers. But I also guess it would be not a problem to just remove the empty header using the provided iRule or even change the header to have a value of "\"\"" (its a double double-quote after substitution). Cheers, Kai