jerry_cornelius
asked on
Why would I choose to deny "unknown http headers" at my firewall?
Why would I choose to deny "unknown http headers" at my firewall? We have an application that sends, what else, Microsoft proprietary AJAX http headers. Our customer's firewall is swatting those down. One of our developers is telling us just have the customer disable that setting. Unfortunately I don't have the brand and model of the firewall. Is there the potential for abuse with unknown headers (generally speaking)? Or is this a redundant filter? Why would you use them? Can anyone point me to papers that describe attacks using this kind of header?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.