Bug ID 1111793: New HTTP RFC Compliance check for incorrect newline separators between request line and first header

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.1.0, 16.1.4, 15.1.7

Opened: Jun 02, 2022

Severity: 4-Minor


ASM does not enforce incoming HTTP requests where the request line and the first header are separated with a line feed ('\n').


Invalid requests might pass through ASM enforcement.


Any HTTP request with a line feed only at the end of the request line will not be enforced.



Fix Information

HTTP requests with LF('\n') as the only separator between the request line and the first header are enforced, and "Unparsable request content" is reported.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips