Content type hearder charset=UTF-8

Question

Hello friends,&nbsp; We have a requirement to have WAF should only allow charset=UTF-8 in the Content-Type header.&nbsp; So curios does this cover by any rule in ASM policy or do we have to create a custom rule through iRule or other ? &nbsp; Basically our objective to accept only ute-8 and reject rest of any. &nbsp; Appreciate any inputs !!

enes_afsin_al · Answer

Hi stephen4f5,
Requests that do not contain charset=UTF-8 in the Content-Type header can be blocked with a custom attack signature.

sanjayp · Answer

Alternatively, you can also create LTM policy or iRule to reject the traffic which doesn't have that content-type header.&nbsp;

zamroni777 · Answer

i dont think utf8-only rules is included in asm built-in rules because utf8 cannot cover all aphabets in single code, e.g. each chinese alphabet needs 3 utf8 codes.
so you need to set custom LTM/ASM filter for it

Forum Discussion

Content type hearder charset=UTF-8

3 Replies

Recent Discussions

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

Using okta as SSO to login F5 GUI

snmp automatic stop mail send

BIG-IP DNS iRule issue with static variable

Related Content

exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect

Layer 7 Content Routing in F5 XC

DevCentral Content Highlights

iRule to modify a content-security-policy header

This DevCentral Content has been Archived or Deleted