not RFC 2616 compliant Header request issue
Hi guys, I need help with this confusing issue. I have a case where an application receives a JSON request that generates a false-positive violation. We've learned it, but ASM is still blocking the request. We've created a JSON profile and assigned it to the URL, but we are still facing the same block. After investigation, we've found that the request is not RFC compliant (RFC 2616). The problematic part of the request:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/55.0.2883.87 Safari/537.36
There isn't any SP or HT at the beginning of the second line. This violates the RFC.
Because of this, ASM reads the 'Content-Type: application/json' as 'Chrome/55.0.2883.87 SafariCRLFContent-Type' : 'application/json', and as such it does not match the header-based content profile.
What are the possible solutions for such an issue?
- POST /api/dynamicapi/sc29submitrequest?lang=en HTTP/1.1
- Host: carl
- Connection: keep-alive
- Content-Length: 567
- Origin:
- User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
- Content-Type: application/json;charset=UTF-8
- Accept: application/json, text/plain, */*
- X-ODP-API-KEY: 1ccbc4c913bc4ce785a0a2de444aa0d6
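An added example, not part of the original post and not ASM's own parser: a small Python check that applies the RFC 2616 folding rule (a continuation line must start with SP or HT) to a raw header block and reports the line that breaks it. The request bytes, host name and path are constructed for the illustration.

```python
import re

# Characters RFC 2616 allows in a header field name (a "token").
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def check_header_block(raw: bytes):
    """Return (headers, problems) for the header block of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")[1:]          # line 1 is the request line
    headers, problems = [], []
    for n, line in enumerate(lines, start=2):
        if line[:1] in (" ", "\t"):
            # Valid folding: the line continues the previous field value.
            if headers:
                name, value = headers[-1]
                headers[-1] = (name, value + " " + line.strip())
            else:
                problems.append((n, "continuation with no field before it"))
            continue
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            # Neither "name: value" nor a folded continuation.
            problems.append((n, "not a field or folded continuation: %r" % line))
            continue
        headers.append((name, value.strip()))
    return headers, problems

# Constructed sample: User-Agent split across two lines with no SP/HT.
BROKEN = (
    b"POST /api/submit HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) "
    b"AppleWebKit/537.36 (KHTML, like Gecko)\r\n"
    b"Chrome/55.0.2883.87 Safari/537.36\r\n"
    b"Content-Type: application/json;charset=UTF-8\r\n"
    b"\r\n{}"
)
# Same request with the second line correctly folded (leading SP).
FOLDED = BROKEN.replace(b"\r\nChrome/", b"\r\n Chrome/")

if __name__ == "__main__":
    for label, req in (("broken", BROKEN), ("folded", FOLDED)):
        hdrs, probs = check_header_block(req)
        print(label, "problems:", probs)
        print(label, "User-Agent:", dict(hdrs).get("User-Agent"))
```

Running it against a captured request shows whether the client or an intermediate device is emitting the bare line break before the request reaches the policy.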