Last Modified: Sep 13, 2023
Known Affected Versions:
17.0.0, 22.214.171.124, 126.96.36.199
Opened: Apr 19, 2022 Severity: 3-Major
When Multiple Referer headers contains a backslash character ('\') in query string portion, 'IIS backslashes' evasion technique violation is raised.
False positive evasion technique violation is raised for Referer header.
- 'Url Normalization' is turned on and 'Evasion Techniques Violations' is enabled. - Multiple Referer header contains a backslash character ('\') in query string part.
In the HTTP Header Properties screen, turn off the 'Url Normalization' on the 'Normalization Settings' section of the 'referer' property.
Fixed Multiple Referer header handling before URL Normalization.