Forum Discussion

Altostratus

Aug 11, 2024

Leading tab in header name: Authorization

I have a violation / suggestion a detection of Leading tab in header named: "Authorization" When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this:...

authorization header

leading tab

Lucas_Thompson

Employee

It may be detected due to this issue:

https://cdn.f5.com/product/bugtracker/ID1003765.html

This sometimes caused base64 information in an authorization header to be incorrectly matched to this signature.

Emil_T

Altostratus

Aug 19, 2024

We are talking about header name here - not header content

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Leading tab in header name: Authorization

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

JWT authorization with NGINX Ingress Controller

OWASP Tactical Access Defense Series: Broken Function Level Authorization (BFLA)

iRule - Authorization Bearer / Basic

ASM irule to disable attack signature authorization header with specific value

Resolve Citrix Secure Ticket Authority (STA)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS