Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Does AWS Managed Ruled support HTTP header injection?

Kazuto
Nimbostratus
Nimbostratus

‎12-Apr-2023 04:28

If an HTTP header with a newline code inserted is sent, can AWS Managed Rule detect and prevent it?

If so, which AWS Managed Rules are included?

Labels:
2 REPLIES 2

buulam
Community Manager
Community Manager

‎12-Apr-2023 23:28

Hi @Kazuto I'll route this to the PM for the AWS Managed Rules and find out

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

Joel_Cohen
F5 Employee
F5 Employee

‎25-Apr-2023 07:39

Hi Kazuto,

The F5 Rules for AWS WAF - Web exploits OWASP Rules has rules for blocking different HTTP Header Injections. Depending on the HTTP request and how AWS parses and handles it for inspection, the rules in place should block injections in HTTP headers. If you find that something is not blocked as expected, please share with us a sample request and we will check into it further

0 Kudos
Copyright © 2023 Khoros, LLC