Irule for blocking http smuggling

Question

Hello, 
&nbsp; Would anyone have an Irule  config or template that can block "HTTP request smuggling" or HRS...or possibly forward me if the direction to create one for an ltm running 9x code? 
&nbsp;  
&nbsp; thanks

charlescs · Answer

Is this approach valid for versions prior to 9.4.0? The HTTP_header page in the wiki implies that multiple instances of a named header only get counted more than once in 9.4.0 and above.

hooleylist · Answer

Sorry, I didn't realize the HTTP::header count behavior changed in 9.4.0.  I thought it worked as expected in older versions.  Can you try testing this to check if it doesn't return 2 for two of the same headers? 
&nbsp;  
&nbsp; You can use curl to send a request with two header names: 
&nbsp;  
&nbsp; $ curl -v -H "Header1: value1" -H "Header1: value2" google.com 
&nbsp; * About to connect() to google.com port 80 (0) 
&nbsp; *   Trying 74.125.67.100... connected 
&nbsp; * Connected to google.com (74.125.67.100) port 80 (0) 
&nbsp; &gt; GET / HTTP/1.1 
&nbsp; &gt; User-Agent: curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3 OpenSSL/0.9.8k zlib/1.2.3 libssh2/0.15-CVS 
&nbsp; &gt; Host: google.com 
&nbsp; &gt; Accept: */* 
&nbsp; &gt; Header1: value1 
&nbsp; &gt; Header1: value2 
&nbsp;  
&nbsp; You could also use a Firefox browser plugin like TamperData to test this. 
&nbsp;  
&nbsp; Aaron

chris_bartnick_ · Answer

Thanks Arron, let me give that a try today in the lab. 
&nbsp;  
&nbsp; Chris

Forum Discussion

Irule for blocking http smuggling

3 Replies

Recent Discussions

Issue on license renewal

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

Related Content

What is SMTP Smuggling and how can you deal with it?

Mitigating new HTTP Request Smuggling techniques with BIG-IP ASM

MS Exchange ProxyNotShell block implemented via iRules

iRule - Block part of a query

Block traffic