- I've been blocked by a violation in relation to HTTP protocol compliance failed: Check maximum number of headers
- How to check/verify the violation
- Example: Number of headers 27 exceeded maximum limit of: 25
- Silverline WAF
- Note: By default, every policy has a limit of HTTP headers set to 25
- On a WAF violation for HTTP protocol compliance failed: Check maximum number of headers, open the HTTP Request tab and review all HTTP headers. (Note: Check each HTTP header and determine whether it is expected or used by the application.)
- Keep in mind that the HTTP request should contain at the very least Host, Cookies, and X-Forwarded-For, which is why, under the default limit of 25, the application can use at most 22 additional headers.
- If the application requires more headers: the WAF policy can be adjusted to support up to 150 headers.
- To increase the number of allowed headers: open a ticket with the SOC to increase the number of allowed headers, e.g. to 30.
- To decrease the number of headers: alternatively, your app developers can reduce the number of headers the application uses.
- Q&A: What's the maximum number of HTTP headers allowed in a WAF Policy?
- Issue: Silverline Cookie Limit in HTTP Headers
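
The header review described above can be scripted. The following is an added example, not Silverline tooling: it counts the headers in a raw request copied from the HTTP Request tab, compares the count with the policy limit, and lists headers that are not on an allowlist of headers the application expects. The function names, the allowlist and the sample request are constructed for illustration, and it assumes each header line counts once toward the limit.

```python
DEFAULT_LIMIT = 25   # default per-policy header limit stated on this page
POLICY_MAX = 150     # highest limit a policy can be adjusted to, per this page

def parse_header_names(raw_request):
    """Return header names, in order, from a raw HTTP/1.x request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    names = []
    for line in head.split("\n")[1:]:        # skip the request line
        if line[:1] in (" ", "\t"):          # folded continuation, not a new header
            continue
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def audit(raw_request, expected, limit=DEFAULT_LIMIT):
    """Compare the header count with the limit and flag unexpected headers."""
    names = parse_header_names(raw_request)
    expected_lc = {h.lower() for h in expected}   # header names are case-insensitive
    return {
        "count": len(names),
        "limit": limit,
        "over_by": max(0, len(names) - limit),
        "unexpected": sorted({n for n in names if n.lower() not in expected_lc}),
        "fits_policy_max": len(names) <= POLICY_MAX,
    }

# Hypothetical allowlist: headers the application owner confirms are in use.
EXPECTED = ["Host", "Cookie", "X-Forwarded-For", "User-Agent", "Accept"]

def sample_request():
    """Constructed request with 27 headers, matching the example violation."""
    headers = [("Host", "app.example.com"), ("Cookie", "session=abc"),
               ("X-Forwarded-For", "203.0.113.10"),
               ("User-Agent", "ExampleClient/1.0"), ("Accept", "*/*")]
    headers += [(f"X-Debug-{i}", "1") for i in range(1, 23)]   # 22 extra headers
    lines = ["GET /index.html HTTP/1.1"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    report = audit(sample_request(), EXPECTED)
    print(f"Number of headers {report['count']} (limit {report['limit']}), "
          f"over by {report['over_by']}")
    for name in report["unexpected"]:
        print("not on allowlist:", name)
```

Headers reported as not on the allowlist are the ones to confirm with the application owner before deciding between raising the limit and removing the headers.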