[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Why would I choose to deny "unknown http headers" at my firewall?

Why would I choose to deny "unknown http headers" at my firewall?  We have an application that sends, what else, Microsoft proprietary AJAX http headers.  Our customer's firewall is swatting those down.  One of our developers is telling us just have the customer disable that setting.  Unfortunately I don't have the brand and model of the firewall.  Is there the potential for abuse with unknown headers (generally speaking)?  Or is this a redundant filter?  Why would you use them?  Can anyone point me to papers that describe attacks using this kind of header?
0
jerry_cornelius
Asked:
jerry_cornelius
1 Solution
 
Freya28Commented:
it is a security issue.  i hope this link helps explain
https://www.kb.cert.org/vuls/id/867593
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now