
SANS ISC: HTTP Headers Illicit Characters - SANS Internet Storm Center SANS ISC InfoSec Forums


HTTP Headers Illicit Characters
You can find the standard here: tools.ietf.org/html/… . RFC 7230 is the most recent HTTP standard and section 3.2.6 defines what is (and is not) allowed in HTTP headers.
Johannes

3271 Posts
ISC Handler
First, thank you very much. I try to listen to your podcast at 5:00 Houston time.

If I understand the link here: https://tools.ietf.org/html/rfc7230#section-3.2.6

Then the approved characters in a header directive and/or its value are the US-ASCII visible set here: http://www.asciitable.com/

However, these values (),/:;<=>?@[\]{} are not allowed in the directive and they must be used as delimiters within the value of the directive unless in comments.

Am I interpreting this correctly?

So even a tilde can be used in a directive legally?
David

3 Posts
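
The character rules from RFC 7230 sections 3.2 and 3.2.6 that this thread discusses, written out as a checker. This is an added example, not part of either post; the function names and the sample header lines are constructed for illustration, and treating line folding (obs-fold) as a problem is a choice made here because the RFC deprecates it.

```python
# RFC 7230 section 3.2.6: tchar is any VCHAR (0x21-0x7E) except the delimiters.
DELIMITERS = set(b'"(),/:;<=>?@[\\]{}')        # DQUOTE plus the 16 listed in the RFC
TCHAR = set(range(0x21, 0x7F)) - DELIMITERS    # bytes allowed in a field-name token


def is_field_value_byte(b: int) -> bool:
    """field-vchar (VCHAR / obs-text 0x80-0xFF) plus SP and HTAB, section 3.2."""
    return b in (0x09, 0x20) or 0x21 <= b <= 0x7E or b >= 0x80


def fmt(bad) -> str:
    """Render offending byte values as sorted, de-duplicated hex."""
    return " ".join(f"0x{b:02x}" for b in sorted(set(bad)))


def check_header_line(line: bytes) -> list[str]:
    """Return the problems found in one header line (CRLF already removed)."""
    name, colon, value = line.partition(b":")
    if not colon:
        return ["no colon separator"]
    problems = []
    if not name:
        problems.append("empty field-name")
    # Whitespace before the colon is also caught here: SP is not a tchar.
    bad_name = [b for b in name if b not in TCHAR]
    if bad_name:
        problems.append("field-name has non-token bytes: " + fmt(bad_name))
    # Optional whitespace around the value is allowed; control bytes are not.
    bad_value = [b for b in value.strip(b" \t") if not is_field_value_byte(b)]
    if bad_value:
        problems.append("field-value has disallowed bytes: " + fmt(bad_value))
    return problems


# Constructed sample lines, not taken from real traffic.
SAMPLES = [
    b"X-Trace~Id: abc",                          # tilde is a tchar
    b"Content-Type: text/html; charset=utf-8",   # delimiters are fine in the value
    b"X-Bad(Name): 1",                           # parentheses in the name
    b"Host : example.test",                      # space before the colon
    b"X-Note: a\x00b",                           # NUL in the value
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_header_line(sample) or "ok")
```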
