Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

ASM: Apostroph (0x27) char in header value

misch43
Nimbostratus
Nimbostratus

‎17-Jan-2023 00:38

Hi,

we see HTTP requests comming in where the User-Agent header ist delimited by an apostroph (0x27 ASCII). The ASM flags this as a violation and suggests me to allow that char.

As far as I unterstand RFC7230 sec 3.2.6 this char is NOT allowed as delimiter, but as contents (tchar).

Am I correct? Should I ignore the ASM suggestion?

Michael

Labels:
0 Kudos
2 REPLIES 2

Juergen_Mang
MVP
MVP

‎17-Jan-2023 01:54

It depends on:

  • if you want to allow the client, you must disable this protection
  • else ignore the suggestion

There are some browsers, mostly from smartphones, that violates the rfc's and sends non-ascii characters in headers.

0 Kudos

Mohamed_Ahmed_Kansoh
MVP
MVP

‎17-Jan-2023 12:29

Hi @misch43 , 
I recommend to ask server developer. 
Take some samples from F5 Violated requests " Contains Apostroph " to Backend server developer to review it with him to take the proper action against this violation , if you should allow or Block it.

_______________________
Regards
Mohamed Kansoh
0 Kudos
Copyright © 2023 Khoros, LLC