Forum Discussion
doke_23794
Nimbostratus
Nimbostratusrandom header to avoid HEIST attack
Could I reduce the effectiveness of the HEIST https attack, by adding a random length noise header to every https response? The attack works by launching hundreds of queries, and comparing their res...
doke_23794Nimbostratus
Nimbostratushttps://tom.vg/papers/heist_blackhat2016.pdf Section "4.3.2 Apply random padding (inadequate)" on page 24 says my length padding idea in extra headers isn't good enough.
On the other hand, I think it's easier to apply than the others. It's one of the few mitigations I could apply in the f5, to protect existing applications. I'm not sure I could do the 3rd party cookie blocking in an iRule?
