Jump to content
Welcome to our new Citrix community!
  • 0

Allow missing content-type

Stefan Wendrich1709160263


1 answer to this question

Recommended Posts

  • 0

Are you discussing the REQUEST time content-type header for a POST or a RESPONSE time content-type header in a return response?


I don't think you can make the ADC do content-type validation and expect no header to be valid. GET's won't have one; POST's might. Responses will.   Hopefully, someone else will weigh in.

Possibly, don't do content-type enforcement at all. Or disable the RFC compliance check:  https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/profiles/enforce-http-rfc-compliance.html.

Or content switch this subset of traffic to bypass considerations while still protecting other content.



But in this context, a response without a valid content-type header may not be seen as valid web traffic and if you may have to exempt that traffic from the flow OR not use that response time check.  As an example of why allowing this is bad:  https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/

Or see if there is a request that needs to be blocked to prevent this type of response.



  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...