Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP Application Security Manager

HTTP Protocol

Introduction to HTTP Protocol

HTTP (HyperText Transfer Protocol) is the foundation of data communication on the web. It is the protocol used by web browsers and servers to communicate and exchange information.

1. HTTP as a Unidirectional (Half-Duplex) Protocol

  • HTTP is termed "unidirectional" because communication occurs in one direction at a time:

    • Client sends a request,

    • Server sends a response.

  • It operates in a half-duplex manner, meaning a client can either send or receive data at a given moment but not both simultaneously.

2. HTTP is Stateless

  • HTTP does not inherently retain information about past interactions (it is "stateless").

  • After a client sends a request and the server responds, both parties discard the session context.

  • Applications often use mechanisms like:

    • Cookies: Small data pieces stored on the client side to maintain session information.

    • Sessions: Server-side storage of user-specific information tied to session IDs.

3. HTTP Request/Response Model

HTTP operates on a request/response model where the client initiates a request and the server processes it and returns a response.

4. HTTP Protocol Versions

Over the years, HTTP has evolved to improve performance, scalability, and efficiency:

  1. HTTP/1.0 (1996):

    • Early version with Session : Connection (1:1) mapping.

    • Each request required a new TCP connection to the server, leading to significant latency and overhead.

    • No connection persistency, meaning the connection was closed after each request/response.

  2. HTTP/1.1 (1997):

    • Introduced persistent connections:

      • Multiple requests could reuse a single connection (N:1 relationship).

    • Keep-Alive: Allowed TCP connections to remain open for multiple requests.

    • Pipelining: Permitted sending multiple requests without waiting for each response (though this wasn’t widely adopted due to head-of-line blocking).

  3. HTTP/2.0 (2015):

    • Introduced multiplexing over a single connection:

      • Multiple requests and responses can be handled in parallel on the same connection.

      • Reduces latency and improves bandwidth utilization.

    • Utilizes binary framing instead of text for efficiency.

  4. HTTP/3.0 (2020):

    • Built on QUIC (Quick UDP Internet Connections), a protocol using UDP instead of TCP.

    • Provides:

      • Faster connection establishment.

      • Improved performance over unreliable networks.

    • Implements HTTP/2 features like multiplexing over QUIC for even greater speed and reliability.

5. Inspection of Both Requests and Responses

  • For effective protection, inspecting both the request and response is essential.

    • Request inspection: Identifying malicious payloads, injection attacks, or anomalous behavior.

    • Response inspection: Detecting data leaks, malware delivery, or server misconfigurations.

6. HTTP Methods and Security Concerns

HTTP provides several methods, each serving different purposes but posing unique security risks:

  • GET:

    • Used to retrieve resources.

    • Vulnerable to data exposure if sensitive information is appended to URLs (e.g., query strings).

  • POST:

    • Used to send data to the server.

    • Often targeted by injection attacks (SQL, XSS) as it handles input data.

  • PUT:

    • Used to update resources.

    • May lead to overwriting or unauthorized updates if improperly secured.

  • DELETE:

    • Used to delete resources.

    • Requires strong authentication to prevent abuse.

  • HEAD, OPTIONS, TRACE, CONNECT:

    • Used less commonly but can expose information about the server or be abused in certain attacks.

PreviousBIG-IP Application Security ManagerNextDeep Dive to “HTTP Request” on ASM Module

Last updated 3 months ago