Forum Discussion

Altostratus

Aug 11, 2024

Leading tab in header name: Authorization

I have a violation / suggestion a detection of Leading tab in header named: "Authorization" When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this:...

authorization header

leading tab

Lucas_Thompson

Employee

Aug 19, 2024

It may be detected due to this issue:

https://cdn.f5.com/product/bugtracker/ID1003765.html

This sometimes caused base64 information in an authorization header to be incorrectly matched to this signature.

Emil_T
Altostratus
Aug 19, 2024
We are talking about header name here - not header content

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Leading tab in header name: Authorization

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

JWT authorization with NGINX Ingress Controller

OWASP Tactical Access Defense Series: Broken Function Level Authorization (BFLA)

iRule - Authorization Bearer / Basic

ASM irule to disable attack signature authorization header with specific value

Resolve Citrix Secure Ticket Authority (STA)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS