Forum Discussion

Cirrus

Aug 11, 2024

Leading tab in header name: Authorization

I have a violation / suggestion a detection of Leading tab in header named: "Authorization" When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this:...

authorization header

leading tab

Emil_Tr

Cirrus

Mar 03, 2025

The rule of the signature is seeking a horizontal tab after the line feed which only happens in the header name. But, this version is affected by ID1003765 which detects the pattern in the base64 value even if it's disabled. The issue is fixed in version 16.1.4:

Bug ID 1003765: Authorization header signature triggered even when explicitly disabled
https://cdn.f5.com/product/bugtracker/ID1003765.html

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Leading tab in header name: Authorization

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM allow specific url from outside country of geolocation ON

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

ASM/AWAF declarative policy

Related Content

JWT authorization with NGINX Ingress Controller

Resolve Citrix Secure Ticket Authority (STA)

Even More Hands-On Quantum-Safe PKI: Building Enterprise PQC Certificate Authorities with EJBCA Community Edition

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

ASM irule to disable attack signature authorization header with specific value

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS