Forum Discussion
Chris_Bartnick_
Nimbostratus
NimbostratusIrule for blocking http smuggling
Hello,
Would anyone have an Irule config or template that can block "HTTP request smuggling" or HRS...or possibly forward me if the direction to create one for an ltm running 9x code?
thanks
- CharlesCS
Cirrus
Is this approach valid for versions prior to 9.4.0? The HTTP_header page in the wiki implies that multiple instances of a named header only get counted more than once in 9.4.0 and above. 
hoolioCirrostratus
Sorry, I didn't realize the HTTP::header count behavior changed in 9.4.0. I thought it worked as expected in older versions. Can you try testing this to check if it doesn't return 2 for two of the same headers?
You can use curl to send a request with two header names:
$ curl -v -H "Header1: value1" -H "Header1: value2" google.com
* About to connect() to google.com port 80 (0)
* Trying 74.125.67.100... connected
* Connected to google.com (74.125.67.100) port 80 (0)
> GET / HTTP/1.1
> User-Agent: curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3 OpenSSL/0.9.8k zlib/1.2.3 libssh2/0.15-CVS
> Host: google.com
> Accept: */*
> Header1: value1
> Header1: value2
You could also use a Firefox browser plugin like TamperData to test this.
Aaron
Chris_Bartnick_Thanks Arron, let me give that a try today in the lab.
Chris
