The HTTP security profile consists of many different security checks for the various components of HTTP traffic. This implementation shows you how to fine-tune your HTTP security profile as required by your environment. The custom checks are described under the assumption that you have already created a custom HTTP security profile; they have no other prerequisites and can be configured in any order. You need to configure only the custom checks that you are interested in.
You can achieve a greater level of security when you configure Protocol Security Module to perform the following checks:
When Protocol Security Manager receives a request from a client, the first check that the system performs on HTTP traffic is RFC protocol compliance. If a request passes the compliance checks, the system applies the security profile to the remainder of the request. So that your system fully validates RFC compliance, keep all of these default checks enabled:
For every HTTP request that the Protocol Security Manager receives, the system examines the request for application-attack methods that are designed to avoid detection. These encoding methods, called evasion techniques, trigger the Evasion technique detected violation. The Protocol Security Manager can detect many evasion techniques such as these:
| Setting | Description |
|---|---|
| Alarm | The system logs any requests that trigger the violation. This is the default setting. |
| Block | The system blocks any requests that trigger the violation. |
| Alarm and Block | The system both logs and blocks any requests that trigger the violation. |
Protocol Security Manager can perform several types of checks on HTTP requests to ensure that the requests are well-formed and protocol-compliant.
| Setting | Description |
|---|---|
| Alarm | The system logs any requests that trigger the Mandatory HTTP header is missing violation. This is the default setting. |
| Block | The system blocks any requests that trigger the Mandatory HTTP header is missing violation. |
| Alarm and Block | The system both logs and blocks any requests that trigger the Mandatory HTTP header is missing violation. |
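To make the ordering and the Alarm / Block semantics concrete, here is an added example in Python that is not part of the original page and not Protocol Security Manager's own code. It runs RFC compliance checks first and, only if those pass, the mandatory-header and evasion-technique checks, then maps each violation to a constructed Alarm / Block / Alarm and Block policy. The choice of `Host` as the mandatory header, the specific evasion indicators (double percent-encoding, NUL bytes, encoded directory traversal), the allowed method set and the `POLICY` table are all assumptions made for the example; the product's actual check list and configuration format are not shown on this page.

```python
import re
from urllib.parse import unquote

# Constructed example policy: which action each violation takes.
# Valid actions mirror the page's settings: "Alarm", "Block", "Alarm and Block".
POLICY = {
    "HTTP protocol compliance failed": "Alarm and Block",
    "Evasion technique detected": "Block",
    "Mandatory HTTP header is missing": "Alarm",
}

# Assumption: an HTTP/1.1 request must carry a Host header (RFC 7230 section 5.4).
MANDATORY_HEADERS = ("host",)

# Assumption: the method set the profile allows; anything else is non-compliant.
_ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
_REQUEST_LINE = re.compile(r"^([A-Z]{3,10}) (\S+) HTTP/1\.[01]$")


def parse_request(raw: bytes):
    """Return (request_line, headers) or None when the head is not well framed."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # No colon, empty name, or whitespace around the field name is malformed.
        if not sep or not name or name != name.strip():
            return None
        headers[name.lower()] = value.strip()
    return lines[0], headers


def check_compliance(parsed):
    """RFC-style checks on the request line; runs before every other check."""
    if parsed is None:
        return ["HTTP protocol compliance failed"]
    request_line, _ = parsed
    m = _REQUEST_LINE.match(request_line)
    if not m or m.group(1) not in _ALLOWED_METHODS:
        return ["HTTP protocol compliance failed"]
    return []


def check_mandatory_headers(parsed):
    _, headers = parsed
    return ["Mandatory HTTP header is missing" for h in MANDATORY_HEADERS if h not in headers]


def check_evasion(parsed):
    """Assumed indicators: a request target whose meaning changes on a second
    percent-decode, embedded NUL bytes, or traversal sequences hidden by encoding."""
    request_line, _ = parsed
    target = request_line.split(" ")[1]
    once = unquote(target)
    twice = unquote(once)
    if once != twice or "\x00" in once or "../" in twice.replace("\\", "/"):
        return ["Evasion technique detected"]
    return []


def inspect(raw: bytes, policy=POLICY):
    """Compliance first; the rest of the profile only applies if compliance passes."""
    parsed = parse_request(raw)
    violations = check_compliance(parsed)
    if not violations:
        violations += check_mandatory_headers(parsed)
        violations += check_evasion(parsed)
    # A violation is logged when its action contains "Alarm" and blocked when it
    # contains "Block"; "Alarm and Block" therefore does both. Unknown violations
    # default to Alarm, matching the page's stated default.
    logged = [v for v in violations if "Alarm" in policy.get(v, "Alarm")]
    blocked = any("Block" in policy.get(v, "Alarm") for v in violations)
    return {"violations": violations, "logged": logged, "blocked": blocked}


if __name__ == "__main__":
    # Constructed sample requests, one per outcome.
    for sample in (
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nUser-Agent: x\r\n\r\n",
        b"GET /..%252f..%252fetc/passwd HTTP/1.1\r\nHost: a\r\n\r\n",
        b"GET / HTTP/9.9\r\nHost: a\r\n\r\n",
    ):
        print(sample.split(b"\r\n")[0].decode(), "->", inspect(sample))
```

The point worth noticing is the early return in `inspect`: a request that fails compliance never reaches the header or evasion checks, which is the same ordering the page describes, so a violation list for a malformed request contains only the compliance violation even if it would also have failed later checks.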