smalex
Jun 11, 2019Altostratus
ASM- Bad HTTP version
We have implemented ASM last day and many requests are blocked stating: Bad HTTP version. Version is 1.1 but still its blocked. What might be the reason. Please Guide.
This is not a valid URL. No wonder ASM is flagging it.
"...HAD_FAQ_en&query=HAD License exams&p..."
You can't have spaces in a URL. Its likely thinking "License" is the HTTP version.
Thank you for the reply. But Without ASM in place these were working. Shouldn't it have been blocked?
What is there to block it? Firewalls never see the URL in a SSL session, only the application sees the final request and it will either accept it or it won't. The request is definitely outside the spec for HTTP. ASM will never pass this kind of request as it fails protocol compliance. One of the very reasons Application Security Manager was designed to address.