F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Emil_T's avatar
Emil_T
Icon for Cirrus rankCirrus
Aug 11, 2024

Leading tab in header name: Authorization

I have a violation / suggestion a detection of Leading tab in header named: "Authorization" When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this:...
authorization header
leading tab
Emil_Tr's avatar
Emil_Tr
Icon for Altocumulus rankAltocumulus
Mar 03, 2025

The rule of the signature is seeking a horizontal tab after the line feed which only happens in the header name. But, this version is affected by ID1003765 which detects the pattern in the base64 value even if it's disabled.  The issue is fixed in version 16.1.4: 

Bug ID 1003765: Authorization header signature triggered even when explicitly disabled
https://cdn.f5.com/product/bugtracker/ID1003765.html