HTTP header obfuscation
The headers of HTTP requests or responses can be modified to make the discovery of patterns and attacks more difficult. To prevent this, the FortiGate unit will:
• remove junk header lines
• reassemble an HTTP header that’s been folded onto multiple lines
• move request parameters to HTTP POST body from the URL
The message is scanned for any enabled HTTP IPS signatures once these problems are corrected.