Does AWS Managed Ruled support HTTP header injection?

Question

If an HTTP header with a newline code inserted is sent, can AWS Managed Rule detect and prevent it?If so, which AWS Managed Rules are included?

buulam · Answer

Hi&nbsp;Kazuto&nbsp;I'll route this to the PM for the AWS Managed Rules and find out

joel_cohen · Answer

Hi Kazuto,
The F5 Rules for AWS WAF - Web exploits OWASP Rules has rules for blocking different HTTP Header Injections. Depending on the HTTP request and how AWS parses and handles it for inspection, the rules in place should block injections in HTTP headers. If you find that something is not blocked as expected, please share with us a sample request and we will check into it further

Forum Discussion

Does AWS Managed Ruled support HTTP header injection?

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: Management Certificate

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Cipher Suites Supported (12.1.5.3)

Managing NGINX App Protect WAF for Beginners

Using iControl REST API to manage F5 BIG-IP Advanced Firewall Manager (AFM)