Forum Discussion

Nimbostratus

Jun 06, 2024

SECADV045: PA HTTP Smuggling vulnerability

Can you confirm if the following product 'F5 Rules for AWS WAF' has been updated to provide protection against SECADV045: PA HTTP Smuggling vulnerability? Tag- F5 Rules for AWS WAF

F5 Rules for AWS WAF

zamroni777

MVP

Jul 03, 2024

as mentioned in below article, enable RFC compliance enforcement in vserver's http profile.
this feature should also work in ltm-only license.

HTTP Request Smuggling, what it is, how to find it and how to stop it

https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-local-traffic-management-profiles-reference/services-profiles.html#concept-1183

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SECADV045: PA HTTP Smuggling vulnerability

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

HTTP Request Smuggling, what it is, how to find it and how to stop it

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

Mitigating new HTTP Request Smuggling techniques with BIG-IP ASM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS