HTTP Request Smuggling

Conflicting HTTP parsers let attackers inject hidden requests between proxies and apps.

What it is

HTTP Request Smuggling exploits inconsistencies in how different servers interpret HTTP requests, allowing attackers to inject hidden or desynchronized requests.

Why it matters

It can bypass security controls, poison caches, and expose internal endpoints to unauthorized access by confusing load balancers, proxies, and application servers.

How to reduce risk

  • Standardize HTTP parsing behavior across proxies and application servers
  • Keep reverse proxies, WAFs, and load balancers patched
  • Enforce strict protocol compliance and reject ambiguous headers
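
One way to implement the "reject ambiguous headers" item, shown as an added example that is not part of the original glossary entry: a strict framing check that refuses any request whose length could be read differently by two parsers. The function name, the policy of accepting only a single `chunked` Transfer-Encoding, and the sample requests are assumptions made for illustration.

```python
# Added example: strict message-framing check for a proxy or application server.
# framing_problems() and the sample requests below are constructed for illustration.

def framing_problems(raw_request: bytes) -> list[str]:
    """Return reasons the request's framing is ambiguous; an empty list means accept."""
    problems = []
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    stripped = head.replace(b"\r\n", b"")
    if b"\r" in stripped or b"\n" in stripped:
        problems.append("bare CR or LF in header section")
    content_lengths, transfer_encodings = [], []
    for line in head.split(b"\r\n")[1:]:            # skip the request line
        if line[:1] in (b" ", b"\t"):
            problems.append("obsolete line folding")
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            problems.append("header line without a colon")
            continue
        if name != name.strip():
            problems.append("whitespace around header name")
        key, value = name.strip().lower(), value.strip(b" \t")
        if key == b"content-length":
            content_lengths.append(value)
        elif key == b"transfer-encoding":
            transfer_encodings.append(value.lower())
    if content_lengths and transfer_encodings:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(content_lengths) > 1:
        problems.append("multiple Content-Length headers")
    if any(not v.isdigit() for v in content_lengths):
        problems.append("Content-Length is not a plain decimal number")
    if len(transfer_encodings) > 1 or any(v != b"chunked" for v in transfer_encodings):
        problems.append("Transfer-Encoding is not exactly one 'chunked'")
    return problems

# Constructed sample requests.
CLEAN = b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
CL_AND_TE = (b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
SPACED_TE = (b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
             b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n")
DUP_CL = (b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n"
          b"Content-Length: 6\r\n\r\nhello")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("CL+TE", CL_AND_TE),
                       ("spaced TE", SPACED_TE), ("dup CL", DUP_CL)]:
        print(label, "->", framing_problems(req) or "accept")
```

A request that returns a non-empty list should be answered with 400 and the connection closed rather than normalized and forwarded.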

Related Terms: Web Cache Poisoning, Web Application Firewall, Open Redirect

External Resources:

  • PortSwigger – HTTP Request Smuggling: https://portswigger.net/web-security/request-smuggling