Bug ID 1111793: New HTTP RFC Compliance check for incorrect newline separators between request line and first header

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,

Fixed In:

Opened: Jun 02, 2022
Severity: 4-Minor


ASM does not enforce incoming HTTP requests where the request line and the first header are separated with a line feed ('\n').


Invalid requests might pass through ASM enforcement.


Any HTTP request with a line feed only at the end of the request line will not be enforced.



Fix Information

HTTP requests with LF('\n') as the only separator between the request line and the first header are enforced, and "Unparsable request content" is reported.

Behavior Change