How can I add an "Illegal Header" in the Advanced WAF.

Question

Hi;&nbsp;How can I add a header to be illegal in the AWAF product, previously ASM. &nbsp;The ASM for instance allows you to manually add "Allowed URLs" and "Disallowed URLs". However, I could only manually add "Allowed Headers" but could not find a way to manually add "Disallowed Headers". I know I can do that in an I-rule, but my aim was to do it in the GUI and return the default block page.&nbsp;&nbsp;KindlyWasfi

daniel_wolf · Accepted Answer

Hi Wasfi,&nbsp;you can achieve this by adding the Header name as a custom attacking signature.Here is the to the documentation for v14.1:Writing Custom Attack Signatures&nbsp;And here a (not very sophisticated) example:&nbsp;KRDaniel

wasfi_bounni · Answer

Hi Daniel;&nbsp;Thank you for your help.&nbsp;&nbsp;KindlyWasfi

wasfi_bounni · Answer

Hi Daniel;&nbsp;In the above example, I have tried to use a regular expression instead of the contain string criteria, which is ^badheader. This means that the header value string must start with badheader. The issue though is that did not work. I will put this on the forum too.&nbsp;&nbsp;KindlyWasfi

Forum Discussion

How can I add an "Illegal Header" in the Advanced WAF.

3 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Related Content

From ASM to Advanced WAF: Advancing your Application Security

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

SSL Orchestrator Advanced Use Cases: DNS Sinkholing

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

SSL Orchestrator Advanced Use Cases: Integrating F5 Advanced Firewall Manager (AFM)