Saturday, August 10, 2024

WAF block request - Attack Type "HTTP parser attack"

WAF block request - Attack Type "HTTP parser attack" Violations - "HTTP protocol compliance failedhe - check maximum header of numbers" header over 21 (Default value is 20, max value is 30)

Recommended Actions

 Log on to the BIG-IP ASM/AWAF Configuration utility (gui).
 Go to Security > Policy Building > Learning and Blocking Settings.
 Expand HTTP protocol compliance failed.
 Modify the Check maximum number of headers value to the required value for your application.
 Click Save.
 Click Apply Policy.

Reference:

Increase "Check maximum number of headers" to 30 under Learning and Blocking settings screen for a policy.

Print Friendly and PDF
Share/Bookmark

No comments:

Post a Comment