
How to Check for HTTP protocol compliance failed: Check maximum number of headers Violation

Description

  • I've been blocked by a violation in relation to HTTP protocol compliance failed: Check maximum number of headers
  • How to check/verify the violation
    • Example: Number of headers 27 exceeded maximum limit of: 25

Environment

  • Silverline WAF

Procedure

  1. Note: By default, every policy limits the number of HTTP headers to 25.
  2. On a WAF violation for HTTP protocol compliance failed: Check maximum number of headers, open the HTTP Request tab and review all HTTP headers. (Note: check each HTTP header and determine whether it is expected or used by the application.)
    • Remember that the HTTP request should contain at the very least Host, Cookies, and X-Forwarded-For, which is why the application can use at most 22 headers under the default limit.
    • If the application requires more headers, the WAF policy can be adjusted to support up to 150 headers.
  3. To increase the number of allowed headers: open a ticket with the SOC to raise the limit, e.g. to 30.
  4. To decrease the number of headers: alternatively, your app developers can decrease the number of headers the application uses.
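
The header review in step 2 can be done offline on a raw request copied from the HTTP Request tab. The script below is an added example, not Silverline tooling: the function names, the expected-header list and the sample request are constructed for illustration, and it assumes the WAF counts one header per header line and allows a count equal to the limit.

```python
DEFAULT_LIMIT = 25  # default per-policy header limit stated in the article

def parse_header_names(raw_request):
    """Return header names in order; the request line and body are skipped."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    names = []
    for line in head.split("\n")[1:]:
        if line[:1] in (" ", "\t"):      # folded continuation, not a new header
            continue
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def audit_headers(raw_request, expected, limit=DEFAULT_LIMIT):
    """Count headers and list those the application does not expect."""
    names = parse_header_names(raw_request)
    known = {h.lower() for h in expected}  # header names are case-insensitive
    return {
        "count": len(names),
        "exceeded": len(names) > limit,   # assumption: a count equal to the limit passes
        "over_by": max(0, len(names) - limit),
        "unexpected": sorted({n for n in names if n.lower() not in known}),
    }

# Constructed sample request with 27 headers (not taken from a real violation).
STANDARD = ["Host", "Cookie", "X-Forwarded-For", "User-Agent", "Accept",
            "Accept-Language", "Accept-Encoding", "Connection"]
APP = [f"X-App-{i:02d}" for i in range(1, 18)]   # 17 headers the application uses
DEBUG = ["X-Debug-1", "X-Debug-2"]               # hypothetical leftovers from testing
SAMPLE = "GET /index.html HTTP/1.1\r\n" + "".join(
    f"{h}: value\r\n" for h in STANDARD + APP + DEBUG) + "\r\n"

if __name__ == "__main__":
    report = audit_headers(SAMPLE, expected=STANDARD + APP)
    print(f"{report['count']} headers, over limit by {report['over_by']}")
    for name in report["unexpected"]:
        print("not expected by the application:", name)
```

Headers listed as unexpected are the candidates for removal under step 4; if every header is expected and the count still exceeds the limit, step 3 applies.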
