You can enforce strict limitations on incoming headers intended for a service using the WEBSITES > Allow/Deny Rules > Header : Allow/Deny Rules section. You can sanitize HTTP headers that carry sensitive information identifying the client and some application-specific state information passed as one or more HTTP headers. A header ACL can be configured to prevent attack types and stop potentially malicious metacharacters and keywords from being allowed in a header.
To create a Header ACL rule:
- Go to the WEBSITES > Allow/Deny Rules page.
- In the Header : Allow/Deny Rules section, identify the service which needs a header ACL rule.
- Click Add next to the service. The Create Header ACL window appears.
- Specify appropriate values for the given fields and click Save.
For more information, click Help in the web interface. Also, see Allow/Deny/Redirect Rules for URLs.