Forum Discussion
dburnett_103851
Jan 28, 2009Nimbostratus
Thanks for the posting.
As it now transpires that the 'Header Name with No Header Value' check actively protects against a HTTP Request Smuggling attack I've had no other choice but to re-enable the checks on our F5s.
However, this should now mean the Yahoo robots will start to be blocked again, so if there are other options to allow the slurps through, or to prevent HTTP Request Smuggling attacks whilst having the check turned off, I'd be glad to hear them