The tweet highlights a vulnerability in Akamai’s WAF: attackers can bypass it by sending scrambled headers, which lets malicious actors evade the WAF’s protection. Bypasses of this type have been known for years, indicating a persistent issue in Akamai’s WAF security. A detailed blog post should address this vulnerability, outlining the specific bypass method using scrambled headers and its impact on Akamai’s WAF security.
Every time there is a patch, another bypass opens up. People have been doing these for years at this point.
Hell, Akamai's WAF is so poor you could get past it by sending scrambled headers.
— Salman Farsi (@mrsalmanfarsi) March 23, 2024