Forum Discussion

Cirrus

Aug 11, 2024

Leading tab in header name: Authorization

I have a violation / suggestion a detection of Leading tab in header named: "Authorization" When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this:...

authorization header

leading tab

Emil_Tr

Altocumulus

Mar 03, 2025

The rule of the signature is seeking a horizontal tab after the line feed which only happens in the header name. But, this version is affected by ID1003765 which detects the pattern in the base64 value even if it's disabled. The issue is fixed in version 16.1.4:

Bug ID 1003765: Authorization header signature triggered even when explicitly disabled
https://cdn.f5.com/product/bugtracker/ID1003765.html

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Leading tab in header name: Authorization

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

JWT authorization with NGINX Ingress Controller

CNSA 2.0 Implementation Guide with OpenSSL: How to Build a Quantum-Resistant Certificate Authority

Resolve Citrix Secure Ticket Authority (STA)

ASM irule to disable attack signature authorization header with specific value

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS