WAF rule for HTTP Response Splitting?


#1

Are there any rules in place to prevent HTTP Response Splitting (https://www.owasp.org/index.php/HTTP_Response_Splitting)?


#2

Never mind… I see rules 950910 and 950911 exist although a recent Tinfoil Security scan on my site flagged a couple of occurrences of splitting.


#3

Hi @freitasm,

Thanks for asking this and also for the follow up. Those rules you mentioned are part of our OWASP ruleset which triggers based on the sensitivity you have set.

We recently published a great guide on tuning the WAF for your website which you can read here:


#4

Unable to submit a new report, I thought I’d ask here.

I would like to be advised on the necessary settings required to mitigate against the CVE-2017-5638 vulnerability please. Thanks