
Is it possible to bypass the RFC Violations (High ASCII characters in headers) check for a cookie?

I have a GET request that contains a Cookie with an ASCII character with a code greater than 127, and it is therefore blocked by the RFC Violations (High ASCII characters in headers) check. This check is done on the HTTP header. Is it possible to avoid this check only on the Cookie parameter?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The Cookie header is still a header and should contain ASCII characters only, in accordance with RFC2616. There is no way to change this behavior in ASM unless you disable the blocking for this rule (which is obviously not secure and should be avoided!)

If your application is sending a high-ASCII character in cookies, it is breaking the standard. Even if your back-end web server can interpret high-ASCII characters, it does not mean that the application should be sending them. High-ASCII characters should be encoded.

Talk to your application developers (if they are available) and ask them to change this and encode the cookie. If that is not possible, then the suggested workaround is to write an iRule which will create an exception and allow the request for a particular URI (for example) while still blocking the rest of the bad traffic.

0
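The encoding fix suggested in the accepted answer, sketched on the application side as an added example (not part of the original answer or F5's code). It finds which cookie in a captured `Cookie` header carries bytes above 127 and rewrites it in percent-encoded form. The function names and sample header are constructed, and the cookie text is assumed to be UTF-8.

```python
from urllib.parse import quote, unquote


def high_ascii_offsets(raw: bytes) -> list[int]:
    """Offsets of bytes with a value above 127, the condition the check flags."""
    return [i for i, b in enumerate(raw) if b > 127]


def offending_cookies(cookie_header: bytes) -> dict[str, bytes]:
    """Map cookie name -> raw value for each pair containing a byte above 127."""
    bad = {}
    for pair in cookie_header.split(b";"):
        name, _, value = pair.strip().partition(b"=")
        if high_ascii_offsets(name + value):
            bad[name.decode("latin-1")] = value
    return bad


def encode_cookie_value(text: str) -> str:
    """Percent-encode the UTF-8 bytes so the value is pure ASCII and
    contains no cookie delimiters (';', '=', ',', space)."""
    return quote(text, safe="")


def decode_cookie_value(value: str) -> str:
    """Server-side inverse of encode_cookie_value."""
    return unquote(value)


def rewrite_header(cookie_header: bytes) -> bytes:
    """Return the header with every offending value percent-encoded.
    Assumption: offending values are UTF-8 text."""
    bad = offending_cookies(cookie_header)
    out = []
    for pair in cookie_header.split(b";"):
        name, sep, value = pair.strip().partition(b"=")
        if name.decode("latin-1") in bad:
            value = encode_cookie_value(value.decode("utf-8")).encode("ascii")
        out.append(name + sep + value)
    return b"; ".join(out)


# Constructed sample header: the "city" cookie holds a raw non-ASCII character.
SAMPLE = "session=abc123; city=Zürich; lang=en".encode("utf-8")

if __name__ == "__main__":
    print(offending_cookies(SAMPLE))
    print(rewrite_header(SAMPLE))
```
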