Why would I choose to deny "unknown http headers" at my firewall?

Posted on 2007-07-30
Last Modified: 2013-11-16
Why would I choose to deny "unknown http headers" at my firewall?  We have an application that sends, what else, Microsoft proprietary AJAX http headers.  Our customer's firewall is swatting those down.  One of our developers is telling us just have the customer disable that setting.  Unfortunately I don't have the brand and model of the firewall.  Is there the potential for abuse with unknown headers (generally speaking)?  Or is this a redundant filter?  Why would you use them?  Can anyone point me to papers that describe attacks using this kind of header?
Question by:jerry_cornelius
    1 Comment
    LVL 12

    Accepted Solution

    it is a security issue.  i hope this link helps explain

    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now