You can enforce strict limitations on incoming headers intended for a service in the Header : Allow/Deny Rules section of the SECURITY > Allow/Deny Rules page. A header ACL is used to sanitize HTTP headers that carry sensitive information identifying the client, as well as application-specific state information passed as one or more HTTP headers. It can be configured to protect against attack types and against potentially malicious metacharacters and keywords placed in a header.
To create a Header ACL rule:
- Go to the SECURITY > Allow/Deny Rules page.
- In the Header : Allow/Deny Rules section, identify the Service to which you want to add the header ACL rule.
- Click Add next to the Service. The Create Header ACL window appears.
- Specify appropriate values for the given fields and click Save.
For more information, click Help in the web interface.
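The following added example is a conceptual model of how a header ACL evaluates a request. It is not the product's implementation, and the field names (`header_name`, `max_value_length`, `denied_metachars`, `denied_keywords`) and all sample headers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class HeaderAcl:
    # Hypothetical fields modelling one header ACL rule.
    header_name: str
    max_value_length: int
    denied_metachars: str = ""
    denied_keywords: tuple = ()


def check_value(acl, value):
    """Return the list of rule violations for one header value."""
    decoded = unquote(value)  # inspect the percent-decoded form as well
    found = []
    if len(value) > acl.max_value_length:
        found.append("length")
    for ch in acl.denied_metachars:
        if ch in value or ch in decoded:
            found.append(f"metachar {ch!r}")
    lowered = decoded.lower()
    for kw in acl.denied_keywords:
        if kw.lower() in lowered:
            found.append(f"keyword {kw!r}")
    return found


def evaluate(headers, acls):
    """headers: list of (name, value) pairs; names match case-insensitively."""
    by_name = {a.header_name.lower(): a for a in acls}
    violations = []
    for name, value in headers:
        acl = by_name.get(name.lower())
        if acl is not None:  # headers without a rule pass through unchecked
            violations += [(name, v) for v in check_value(acl, value)]
    return ("deny" if violations else "allow", violations)


# Constructed rules and requests, for illustration only.
ACLS = [HeaderAcl("X-Session-State", 64, "<>'\";", ("script",)),
        HeaderAcl("User-Agent", 256, "<>")]
CLEAN = [("Host", "app.example"), ("User-Agent", "Mozilla/5.0"),
         ("x-session-state", "step=2&cart=ab12")]
SUSPECT = [("User-Agent", "Mozilla/5.0"),
           ("X-Session-State", "step=2%3Cscript%3E"),
           ("X-Session-State", "A" * 100)]

if __name__ == "__main__":
    print(evaluate(CLEAN, ACLS))
    print(evaluate(SUSPECT, ACLS))
```

Repeated headers are each checked separately, and the encoded value is denied because the check also looks at its decoded form.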