Forum Discussion

Nimbostratus

Apr 12, 2023

Does AWS Managed Ruled support HTTP header injection?

If an HTTP header with a newline code inserted is sent, can AWS Managed Rule detect and prevent it? If so, which AWS Managed Rules are included?

Employee

Apr 25, 2023

Hi Kazuto,

The F5 Rules for AWS WAF - Web exploits OWASP Rules has rules for blocking different HTTP Header Injections. Depending on the HTTP request and how AWS parses and handles it for inspection, the rules in place should block injections in HTTP headers. If you find that something is not blocked as expected, please share with us a sample request and we will check into it further

Forum Discussion

Does AWS Managed Ruled support HTTP header injection?

Recent Discussions

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Related Content

Minimizing Security Complexity: Managing Distributed WAF Policies

Is F5 WAF support JSON syntax in their SQL injection inspection process.

Support and Help for DevCentral and Offline Contact

Serverside SNI injection iRule

NGINX Management Suite API Connectivity Manager - Modern API driven Applications