How to resolve the HTTP Request Smuggling issue in Pega?
Today's web applications frequently employ chains of HTTP servers between users and the ultimate
application logic. Users send requests to a front-end server (sometimes called a load balancer or
reverse proxy) and this server forwards requests to one or more back-end servers. This type of
architecture is increasingly common, and in some cases unavoidable, in modern cloud-based
When the front-end server forwards HTTP requests to a back-end server, it typically sends several
requests over the same back-end network connection, because this is much more efficient and
performant. The protocol is very simple: HTTP requests are sent one after another, and the receiving
server parses the HTTP request headers to determine where one request ends and the next one
HTTP request smuggling vulnerabilities arise in situations where a front-end server forwards multiple requests to a back-end server over the same network connection, and the protocol used for the back-end connections carries the risk that the two servers disagree about the boundaries between requests.

Some generic ways to prevent HTTP request smuggling vulnerabilities arising are as follows:

- Disable reuse of back-end connections, so that each back-end request is sent over a separate network connection.
- Use HTTP/2 for back-end connections, as this protocol prevents ambiguity about the boundaries between requests.
- Use exactly the same web server software for the front-end and back-end servers, so that they agree about the boundaries between requests.
***Edited by Moderator Marissa to change type from General to Product, update Product details and Platform Capability tags****
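
The boundary disagreement described in the post, as an added example that is not part of the original post and is not Pega code: a strict check a front-end or gateway could apply to an HTTP/1.1 header block, rejecting any request whose body length could be read two ways. The function name, the sample requests and the choice of `Content-Length` and `Transfer-Encoding` as the headers to inspect are assumptions of this example.

```python
import re

# RFC 9110 "token": the only characters allowed in a header field name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def framing_problems(raw_head: bytes) -> list:
    """Return the reasons a request's header block is ambiguous about body length."""
    problems, lengths, encodings = [], [], []
    for line in raw_head.split(b"\r\n")[1:]:       # skip the request line
        if not line:                                # blank line ends the headers
            break
        if b"\n" in line or line[:1] in (b" ", b"\t"):
            problems.append("bare LF or folded header line")
            continue
        name, sep, value = line.partition(b":")
        name = name.decode("latin-1")
        if not sep or not TOKEN.match(name):        # e.g. space before the colon
            problems.append("malformed header name %r" % name)
            continue
        value = value.decode("latin-1").strip(" \t")
        if name.lower() == "content-length":
            lengths.append(value)
        elif name.lower() == "transfer-encoding":
            encodings.append(value.lower())
    if lengths and encodings:
        problems.append("Content-Length and Transfer-Encoding both present")
    if len(set(lengths)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not re.fullmatch(r"[0-9]+", v) for v in lengths):
        problems.append("non-numeric Content-Length")
    if any(v != "chunked" for v in encodings):
        problems.append("Transfer-Encoding other than 'chunked'")
    return problems

# Constructed sample header blocks (headers only, no bodies), for illustration.
HEAD = b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
CLEAN = HEAD + b"Content-Length: 5\r\n\r\n"
BOTH = HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
DUP = HEAD + b"Content-Length: 5\r\nContent-Length: 6\r\n\r\n"
SPACED = HEAD + b"Content-Length: 5\r\nTransfer-Encoding : chunked\r\n\r\n"

if __name__ == "__main__":
    for label, head in [("clean", CLEAN), ("both", BOTH), ("dup", DUP), ("spaced", SPACED)]:
        print(label, framing_problems(head) or "ok")
```

A request that returns a non-empty list should be refused with a 400 and the connection closed, rather than normalised and forwarded over a reused back-end connection.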