HTTP Protocol Compliance Protection

Overview

HTTP RFC non-compliance is one of the basic application security violations. HTTP protocol compliance protection detects requests that do not comply with the HTTP RFCs and prevents the use of the HTTP protocol as an entry point to the application.
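To make "non-compliant" concrete, the following added example (not F5 code and not how BIG-IP Next implements its checks) parses a raw HTTP/1.1 request and reports a few violations of RFC 9110 and RFC 9112. The function name, finding strings and sample requests are assumptions constructed for illustration; they are not the violation names shown in the WAF panel.

```python
import re

# Characters allowed in a header field name (the "token" rule in RFC 9110).
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def compliance_violations(raw: bytes) -> list[str]:
    """Return RFC compliance findings for the head of one raw HTTP/1.1 request."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    if b"\x00" in head:
        findings.append("null byte in request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not re.fullmatch(rb"HTTP/\d\.\d", parts[2]):
        findings.append("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            # Includes whitespace before the colon, which RFC 9112 says to reject.
            findings.append("malformed header field name")
            continue
        headers.setdefault(name.lower(), []).append(value.strip(b" \t"))
    version = parts[2] if len(parts) == 3 else b""
    # RFC 9112: an HTTP/1.1 request must carry exactly one Host header.
    if version == b"HTTP/1.1" and len(headers.get(b"host", [])) != 1:
        findings.append("missing or repeated Host header")
    lengths = headers.get(b"content-length", [])
    if any(not v.isdigit() for v in lengths) or len(set(lengths)) > 1:
        findings.append("invalid Content-Length")
    # Two competing body-length signals make the message framing ambiguous.
    if lengths and b"transfer-encoding" in headers:
        findings.append("both Content-Length and Transfer-Encoding present")
    return findings

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "compliant": b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "ambiguous_length": (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
                         b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
    "bad_headers": (b"GET / HTTP/1.1\r\nHost : app.example\r\n"
                    b"Content-Length: abc\r\n\r\n"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, compliance_violations(request))
```

A WAF applies checks of this kind before the request reaches the application, and each check maps to a violation that the policy can enable or disable.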

Prerequisites

  • Verify the applications attached to the policy to ensure proper security after changes are deployed.

  • You need to have a user role of Security Manager or Administrator to manage a WAF policy.

How to manage HTTP protocol compliance violations

HTTP protocol compliance violations are automatically enabled or disabled on a policy based on your selected template. You can use this process to manually enable or disable the violations configured on your policy.

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu, click Policies under WAF.

  3. Select the name of the policy.

    A panel for the General Settings opens.

  4. From the panel menu, click HTTP Protocol Compliance.

    The panel displays HTTP protocol compliance violations.

  5. Click the radial button next to each violation to enable or disable policy enforcement.

  6. Click Save.

  7. If you have completed your changes to the policy, click Deploy to update associated BIG-IP Next instance(s).

  8. To confirm the deployment, click Deploy.

Resources

HTTP protocol compliance management using the policy editor

Edit the WAF policy JSON declaration directly through the WAF policy editor.