The HTTP security profile consists of many different security checks for the various components of HTTP traffic. This implementation shows you how to fine-tune your HTTP security profile as required by your environment. The custom checks are described under the assumption that you have already created a custom HTTP security profile; beyond that, they have no prerequisites and no required order. You need to configure only the custom checks that you are interested in.
You can achieve a greater level of security when you configure Protocol Security Manager™ to perform the following checks:
When Protocol Security Manager™ receives an HTTP request from a client, the first validation check that the system performs is to ensure that the request is compliant with the HTTP RFCs. If the request passes the compliance checks, the system applies the security profile to the request; if it does not, the request is handled as a protocol violation and the profile checks are not applied. So that your system fully validates RFC compliance, keep the following HTTP Protocol Checks enabled (they are enabled by default):
Protocol Security Manager™ can examine HTTP requests for encoding tricks that attackers use to disguise an application attack so that it slips past signature-based detection. When found, these coding methods, called evasion techniques, trigger the Evasion technique detected violation. Protocol Security Manager can detect evasion techniques, such as these:
By default, the system only logs requests that contain evasion techniques. You can also configure the system to block such requests.
Alarm            The system logs any requests that trigger the violation. This is the default setting.
Block            The system blocks any requests that trigger the violation.
Alarm and Block  The system both logs and blocks any requests that trigger the violation.
Protocol Security Manager™ can perform several types of checks on HTTP requests to ensure that the requests are well-formed and protocol-compliant.
Alarm            The system logs any requests that trigger the Mandatory HTTP header is missing violation. This is the default setting.
Block            The system blocks any requests that trigger the Mandatory HTTP header is missing violation.
Alarm and Block  The system both logs and blocks any requests that trigger the Mandatory HTTP header is missing violation.