This technical note describes a detection/prevention technique that works in many cases both with HTTP Response Splitting and with HTTP Request Smuggling. This technique makes use of implicit information found in the TCP stream, namely the segmentation into packets and the TCP PSH bit.

In HTTP Response Splitting, the proposed technique needs to be applied at the proxy server, the one closest to the web server, and to the response stream. In HTTP Request Smuggling, this technique needs to be applied at the entity closest to the attacked proxy server/device (i.e. implemented in another proxy server, or the web server itself), and to the request stream (note, however, that this second server may be off the premises of the organization wherein the web server is, see also "Can HTTP Request Smuggling be blocked by Web Application Firewalls?".

The link for this article located at SecuriTeam.com is no longer available.