Q&A: Does WAF protect my application from HTTP Request Smuggling attacks?

Question

Does WAF protect my application from HTTP Request Smuggling attacks?

 

Environment

  • Silverline WAF

  • Proxy/Proxies
  • WAF Policy/Policies

 

Answer

Yes, WAF protects your application from HTTP Request Smuggling attacks.

 

The following means are used for the protection:

  • The HTTP protocol compliance failed violation blocking module is set to Block, with the following sub-violations enabled:
    - Several Content-Length headers
    - Chunked request with Content-Length header
    - Unparsable request content
    - POST request with Content-Length: 0.

  • The following WAF attack signatures are enabled:
    - HTTP Desync Attack Attempt, ID 200018061
    - HTTP Response Splitting (1)(Parameter), ID 200023001
    - HTTP Response Splitting (2)(Parameter), ID 200023002
    - HTTP Response Splitting (3)(Parameter), ID 200023003
    - HTTP Response Splitting (4)(Parameter), ID 200023004
    - Non-standard Transfer-Encoding header value, ID 200200002
    - Request Smuggling Attempt (CR Before CL Header), ID 200018085 
    - Request Smuggling Attempt (SP/CR after CL), ID 200018086.

For the protection to be successful, all of the above must be enabled on the related WAF policy. The SOC will help you check whether the above is enabled and will enable it for you if it is not.
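As an added illustration (not Silverline's implementation and not part of the original article), the Python below checks one raw request for the framing conditions named in the list above, which is useful for reviewing captured traffic or testing an origin parser. The function name, the accepted transfer-coding set, the reading of each violation and signature name, and the sample requests are assumptions constructed for this example.

```python
import re

# Transfer codings accepted as standard (assumption made for this example).
KNOWN_CODINGS = {b"chunked", b"gzip", b"deflate", b"compress", b"identity"}

def framing_findings(raw: bytes) -> set[str]:
    """Return the ambiguous-framing conditions present in one raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split(b"\r\n")
    findings, lengths, chunked = set(), [], False
    for line in header_lines:
        name, colon, value = line.partition(b":")
        if not colon:  # header line without a colon cannot be parsed
            findings.add("Unparsable request content")
            continue
        key = name.strip(b" \t\r").lower()
        value = value.strip(b" \t")
        if key == b"content-length":
            if name.startswith(b"\r"):
                findings.add("Request Smuggling Attempt (CR Before CL Header)")
            if name[-1:] in (b" ", b"\r"):
                findings.add("Request Smuggling Attempt (SP/CR after CL)")
            if not re.fullmatch(rb"[0-9]+", value):
                findings.add("Unparsable request content")
            lengths.append(value)
        elif key == b"transfer-encoding":
            codings = [c.strip(b" \t").lower() for c in value.split(b",")]
            if any(c not in KNOWN_CODINGS for c in codings):
                findings.add("Non-standard Transfer-Encoding header value")
            chunked = chunked or b"chunked" in codings
    if len(lengths) > 1:
        findings.add("Several Content-Length headers")
    if chunked and lengths:
        findings.add("Chunked request with Content-Length header")
    if request_line.upper().startswith(b"POST ") and lengths == [b"0"]:
        findings.add("POST request with Content-Length: 0")
    return findings

# Constructed sample requests (header framing only, host name is a placeholder).
PRE = b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
SAMPLES = {
    "clean": PRE + b"Content-Length: 9\r\n\r\nuser=test",
    "dup_cl": PRE + b"Content-Length: 4\r\nContent-Length: 9\r\n\r\n",
    "cl_te": PRE + b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n",
    "sp_after": PRE + b"Content-Length : 4\r\n\r\n",
    "cr_before": PRE + b"\rContent-Length: 4\r\n\r\n",
    "odd_te": PRE + b"Transfer-Encoding: xchunked\r\n\r\n",
}
for label, request in SAMPLES.items():
    print(label, sorted(framing_findings(request)))
```

The HTTP Desync Attack Attempt and HTTP Response Splitting signatures from the list are not modelled here, because the article does not describe what they match.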
