How to prevent HTTP response splitting

Question

Hi to All,&nbsp;&nbsp;I have a URL which is working fine when access it with its domain name but cannot access with its IP address.&nbsp;&nbsp;&nbsp;There is no issue with server.&nbsp;&nbsp;&nbsp;when I append some strings to that URL like for example&nbsp;&nbsp;&nbsp;URL_domain_name.com/main%0d%0ahttp://www.example.com  , it is showing some error messages which means HTTP header injection is prevented.&nbsp;&nbsp;&nbsp;But when using same URL with its IP address like below&nbsp;&nbsp;&nbsp;URL_IPaddress/main%0d%0ahttp://www.example.com  , it is redirecting to www.example.com which causes HTTP header injection that should be prevented.&nbsp;&nbsp;&nbsp;Does any one knows how to prevent this &nbsp;HTTP response splitting::Header injection possible&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Thanks&nbsp;swapna&nbsp;&nbsp;&nbsp;

kaefuh · Answer

what is violations information, if you could be share once.

samstep · Answer

Check HTTP Class for this Virtual Server - if it is enabled only for Host: URL_domain_name.com then the requests with IP address instead of domain name are not going through ASM policy

Forum Discussion

How to prevent HTTP response splitting

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Operationlizing Online Fraud Detection, Prevention, and Response

GSLB Split DNS by iRule

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

Introduction of Incident Response

SSL VPN Split Tunneling and Office 365