MSZ
Feb 10, 2016

HTTP Headers - HTTP Compliance Failed

    GET /xy/login.html?lang=ar HTTP/1.1
    Host: www.abcdef.com
    Connection: keep-alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; HTC One Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
    Referer: https://www.abcdef.com/ar/abc-def
    Accept-Language: ar-SA,en-US;q=0.8
    Cookie: **********************
    DNT: 1
    X-Requested-With: com.htc.sense.browser
    X-Wap-Profile:

 

Can we ignore this X-Wap-Profile, or is it a necessary header?

 

5 Replies

  • Hi MSZ,

    It may be required by your application, but only the developer of the application knows for sure. For further reading on the purpose of the X-Wap-Profile header see...

    https://en.wikipedia.org/wiki/UAProf

    But the header should have at least a value to be RFC-conformant. You could now either allow non-empty headers in ASM, or use an iRule to remove every empty instance of "X-Wap-Profile" before passing the request to ASM.

    when HTTP_REQUEST {
        if { [HTTP::header value "X-Wap-Profile"] eq "" } then {
            HTTP::header remove "X-Wap-Profile"
        }
    }
    

    Cheers, Kai

  • MSZ

    There must be a value for every header for compliance. We cannot remove the blocking check on Header Compliance. If we ignore this, will it be harmful for the application? Kindly suggest.

     

    • It would strongly depend on your application. If the application is well designed then it would not be a problem for the application to receive empty HTTP headers. But I also guess it would not be a problem to just remove the empty header using the provided iRule or even change the header to have a value of "\"\"" (it's a double double-quote after substitution). Cheers, Kai
  • You have two options:

     

    Remove the header if it exists, or

     

    Add some value to the header if its value is null

     

    In either case, how it may or may not affect the application is dependent on the application itself.
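The two options from the replies above (remove the empty header, or give it a value), combined into one iRule with logging so the affected clients can be shown to the application team. This is an added example, not code from any of the posters; the `static::xwap_action` and `static::xwap_filler` variable names and the log format are assumptions.

```tcl
when RULE_INIT {
    # Assumed switch: "remove" drops the header, "fill" gives it a value.
    set static::xwap_action "remove"
    # Filler suggested in the thread: a literal pair of double quotes.
    set static::xwap_filler "\"\""
}

when HTTP_REQUEST {
    # [HTTP::header value] also returns "" when the header is absent,
    # so check for presence first; otherwise every request is logged.
    if { [HTTP::header exists "X-Wap-Profile"] &&
         [HTTP::header value "X-Wap-Profile"] eq "" } {

        # Log path only (not the query string) plus the client details
        # needed to identify which browsers send the empty header.
        log local0.info "empty X-Wap-Profile: client=[IP::client_addr]\
            path=[HTTP::path]\
            ua=\"[HTTP::header value "User-Agent"]\"\
            action=$static::xwap_action"

        switch -- $static::xwap_action {
            "fill" {
                # Option 2: keep the header, give it a non-empty value.
                HTTP::header replace "X-Wap-Profile" $static::xwap_filler
            }
            default {
                # Option 1: strip the header before ASM sees the request.
                HTTP::header remove "X-Wap-Profile"
            }
        }
    }
}
```

Running it in "remove" mode on a test virtual server and reviewing the log entries shows how many clients are affected before the change is raised with the application team.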

     

  • How to convey this to application team?

     

    You first have to define what application needs this header, if the header is necessary for the application to function, and/or if it's acceptable to add a value to it. This information will likely come from the application team directly. Or as is usually the case, because they won't know, after simply testing your header removal or value-adding iRule code.

     

    Is there any way to ignore an individual HTTP header?

     

    Again, you're asking about compliance and functionality, which are sometimes contrary to one another. If the application needs it, and it needs the value to be blank, then you're simply not going to get compliance.

     

    I am unable to find such option in WAF.

     

    Not sure what you're asking here.