Forum Discussion
Emil_T
Altostratus
Altostratusrepeated parameter name
i see the following event: repeated parameter name array[]. The f5 recognizes "array[]" as a multiple times parameters, but in fact it is an array that gets a different value each time it appears. ...
Emil_TAltostratus
AltostratusThis repeating-parameter behavior is not breaking anything. In fact, according to the developers, it is a legitimate array that gets a different value each time it appears in the URL parameter. But the f5 recognizes this "array[]" as a multiple times parameters. It seems like the F5 detect a false positive
Lucas_Thompson
Employee
EmployeeOK. This makes sense.
In an ordinary situation, having multiple copies of a query parameter would be problematic because most web app frameworks parse them out to the app in the form of a list (key:value) pairs, so the app itself cannot usually detect if the HTTP query parameters are duplicated because it would only "see" one of them. It sounds like your app is actually designed to operate this way.
Since in your situation this is OK, you should disable this signature.
- Emil_T
Well yeh, that is always the easy way to go, but I'd like to understand why F5 detects a false positive in a allegedly valid RFC HTTP request
- Lucas_Thompson
Super! Understanding internet security more fully is always good. Here's more information that explains in a lot of detail why you *usually* don't want duplicated HTTP parameters and why this signature is not a false positive:
- Emil_T
Understood. But it is still unclear whether the same risk applies to the array[] type of parameter, which is by design "repeated" as of it's nature