Forum Discussion
HTTP Profile troubleshoot
HTTP profile is enforcing RFC. How can I see logs of the exact violation and block?
For example, if a RST is sent due to an RFC violation, I could activate the BIG-IP system to log TCP RST packets (https://my.f5.com/manage/s/article/K13223), but then I only see a general error like "F5RST: Malformed HTTP header error".
How can I log the actual error? For example: duplicate Transfer-Encoding header
6 Replies
- Emil_Tr
Altocumulus
Currently, the system does not provide granular logging for the specific reason behind each RFC violation. To determine the exact cause of a reset, you would need to capture the HTTP traffic using a tool like tcpdump and analyze the packet capture to identify the malformed or non-compliant part of the HTTP message.
Precisely!
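An added example, not part of the thread and not F5 code: once the offending request has been exported from the packet capture as raw bytes (for instance from Wireshark's Follow TCP Stream view), a small checker like this one can name the specific header anomaly. The function name `find_violations`, the sample request, and the set of checks are assumptions chosen from RFC 9110/9112 rules that strict parsers commonly reject; it is not the HTTP profile's actual rule list.

```python
import re

# RFC 9110 field-name token characters
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Constructed sample request (not taken from a real capture)
SAMPLE = (b"POST /upload HTTP/1.1\r\n"
          b"Host: app.example\r\n"
          b"Transfer-Encoding: chunked\r\n"
          b"Transfer-Encoding: chunked\r\n"
          b"Content-Length: 5\r\n"
          b"\r\n"
          b"0\r\n\r\n")

def find_violations(raw: bytes) -> list[str]:
    """Return header-level anomalies found in one raw HTTP/1.x request."""
    findings = []
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]  # drop the body
    if b"\n" in head.replace(b"\r\n", b""):
        findings.append("bare LF used as line terminator")
    lines = re.split(rb"\r?\n", head)
    if not re.match(rb"^[A-Z]+ \S+ HTTP/\d\.\d$", lines[0]):
        findings.append("malformed request line")
    seen = {}  # lower-cased header name -> list of values
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            findings.append("obsolete line folding (obs-fold)")
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append(f"header line without colon: {line!r}")
            continue
        if name != name.rstrip():
            findings.append(f"whitespace before colon in {name.strip().decode('latin-1')!r}")
        elif not TOKEN.match(name):
            findings.append(f"invalid character in header name {name!r}")
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    te, cl = seen.get(b"transfer-encoding", []), seen.get(b"content-length", [])
    if len(te) > 1:
        findings.append("duplicate Transfer-Encoding header")
    if te and cl:
        findings.append("both Transfer-Encoding and Content-Length present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    return findings

if __name__ == "__main__":
    print("\n".join(find_violations(SAMPLE)))
```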
- Emil_T
Cirrus
Is ASM enforcing the same HTTP compliance factors as HTTP profile?
ASM provides better logs, so it might be better to use ASM for this.
- Injeyan_Kostas
Nacreous
Yes, ASM enforces the same RFC rule for HTTP compliance.
But it does much more than this, as it is a WAF. And actually one of the top ones.
So if you have an ASM license, of course you should use it, not just for HTTP RFC compliance, but as an Enterprise WAF.
If you don't have an ASM license and your goal is just to enforce HTTP RFC compliance, it is not worth the cost.
- Emil_T
Cirrus
Thx for the reply. Let me rephrase my question though. I have an ASM license. Would it be preferable to disable HTTP RFC enforcement at the HTTP profile level and let the ASM engine handle it instead, so I can get more comprehensive logging details?
- Injeyan_Kostas
Nacreous
Yes, you should let ASM do the job.