Forum Discussion
- zamroni777 (Nacreous)
As mentioned in the article below, enable RFC compliance enforcement in the vserver's HTTP profile.
This feature should also work with an LTM-only license.
HTTP Request Smuggling, what it is, how to find it and how to stop it
- Pradeep_Kandi (Employee)
Hi GauravL
AWS WAF Rules don't provide protection against CVE-2024-23316. Since it's an HTTP Request Smuggling vulnerability, the AWS Load Balancer needs to be set up to guard against it. I hope this link will be useful: https://kloudle.com/academy/configuring-aws-load-balancers-to-protect-against-http-desync-attacks/
- amine-elhijazi (Altocumulus)
Unless F5 publishes a KB about this CVE, I don't think we can confirm it. F5 signature attacks are kept private. You can contact F5 support to confirm.
Best of luck!
The way to contact support for F5 Rules for AWS WAF is via this forum, as stated in the support section for it.
https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi / https://my.f5.com/manage/s/article/K21015971