Web Cache Poisoning and HTTP Request Smuggling: Principles, Attack Scenarios, and Defenses

The article explains how misconfigured caches and inconsistent front‑end/back‑end parsing enable web cache poisoning and HTTP request smuggling attacks, illustrates practical exploitation scenarios, and recommends disabling caching, unifying request‑boundary logic, and adopting HTTP/2 or strict configurations to defend against these high‑impact threats.

Defense StrategiesHTTP request smugglingRequest Smuggling

0 likes · 16 min read

Web Cache Poisoning and HTTP Request Smuggling: Principles, Attack Scenarios, and Defenses

JD Cloud Developers

Feb 18, 2021 · Information Security

Uncovering HTTP Request Smuggling: Techniques, Exploits, and Defenses

This article explores HTTP request smuggling—its origins, how inconsistencies in proxy and server implementations enable the attack, detailed packet constructions using Content‑Length and chunked encoding, practical PortSwigger lab demonstrations, and effective mitigation strategies such as disabling TCP reuse and adopting cloud‑based security services.

HTTP request smugglingWeb Securitychunked encoding

0 likes · 22 min read

Uncovering HTTP Request Smuggling: Techniques, Exploits, and Defenses