TechQA.

Http Request Smuggling Vulnerability

1.3k views Asked by At

We are blocking the requests with header containing Transfer-Encoding.

Only requests with Content Length are allowed.This wil impact to the application by any means, also how is determined to send transfer-encoding or Content-length in a request.

iis content-length transfer-encoding requestfiltering
Original Q&A
1

There are 1 answers

0
Bruce Zhang On

There are two ways to achieve this.

First one, you can use <scanHeaders> to filter some requests with Transfer-Encoding. enter image description here

You can add a filtering rule like this. It will scan headers to check if Transfer-Encoding exits. If the value is same with Deny Strings, the requests will be blocked. It is easy to configure and add. But the disadvantage is that he can only judge whether the value of the header matches the Deny String, that is to say, it cannot judge a certain range value. And I haven't found out how to allow a certain header with this rule.

Second one is using url rewrite rule. You can add a rule like this:

<rule name="deny rule" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{Transfer-Encoding}" pattern="value" />
                </conditions>
                <action type="AbortRequest" />
            </rule>

You can set a regular expression to determine the value of the header or a range of values. It is also easy to configure and can allow certain headers. Just change the action type to None.

Related Questions in IIS

Related Questions in CONTENT-LENGTH

Related Questions in TRANSFER-ENCODING

Related Questions in REQUESTFILTERING

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions