APIRef_tm_security_http_profile
mgmt/tm/security/http/profile
Virtual server HTTP security profile configuration
REST Endpoints
- Collection URI
/mgmt/tm/security/http/profile
- Collection Methods
OPTIONS, GET
- Resource URI
/mgmt/tm/security/http/profile/~resource id
- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
- Resource Natural Key
name, partition, subPath
Properties
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
appService | string | | optional | read/write | The application service that the object belongs to. |
caseInsensitive | boolean | true | optional | read/write | Specifies that the security profile treats file types as case insensitive. |
caseSensitive | boolean | true | optional | read/write | Specifies that the security profile treats file types as case sensitive. This is the default. |
defaultsFrom | string | | optional | read/write | Specifies the profile that you want to use as the parent profile. Your new profile inherits all settings and values from the parent profile specified. |
description | string | | optional | read/write | User defined description. |
tmPartition | string | Common | optional | read/write | Displays the administrative partition within which this profile resides. |
Structures
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
/evasion-techniques | array_structure | | optional | read/write | |
/evasion-techniques/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it in the Protocol Security Statistics screen whenever the system detects an evasion technique. The default value is enabled. |
/evasion-techniques/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests whenever the system detects an evasion technique. The default value is disabled. |
/file-types | array_structure | | optional | read/write | |
/file-types/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever the system detects a request for an illegal file type. The default value is enabled. |
/file-types/allowed | boolean | false | optional | read/write | Indicates that the values property lists file types that the security profile permits. |
/file-types/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests for an illegal file type. The default value is disabled. |
/file-types/disallowed | boolean | false | optional | read/write | Indicates that the values property lists file types that the security profile prohibits. This is the default. |
/file-types/values | string | | optional | read/write | Configures a list of file types considered either legal or illegal by the security profile. |
/http-rfc | array_structure | | optional | read/write | |
/http-rfc/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it in the Protocol Security Statistics screen whenever a request fails one of the enabled HTTP protocol checks. The default value is enabled. |
/http-rfc/bad-host-header | string | enabled | optional | read/write | Specifies, when enabled, that the system inspects requests to see whether they contain a non-RFC-compliant header value. The default value is enabled. |
/http-rfc/bad-version | string | enabled | optional | read/write | Specifies, when enabled, that the system inspects requests to see whether they request information from a client using an HTTP protocol version 1.0 or higher. The default value is enabled. |
/http-rfc/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that fail one of the enabled HTTP protocol checks. The default value is disabled. |
/http-rfc/body-in-get-head | string | disabled | optional | read/write | Specifies, when enabled, that the system examines requests that use the HEAD or GET methods to see whether the requests contain data in their bodies, which is considered illegal. The default value is disabled. |
/http-rfc/chunked-with-content-length | string | enabled | optional | read/write | Specifies, when enabled, that the system examines chunked requests for a content-length header, which is not permitted. The default value is enabled. |
/http-rfc/content-length-is-positive | string | enabled | optional | read/write | Specifies, when enabled, that the system examines requests to see whether their content length value is greater than zero. The default value is enabled. |
/http-rfc/header-name-without-value | string | enabled | optional | read/write | Specifies, when enabled, that the system checks requests for valueless header names, which are considered illegal. The default value is enabled. |
/http-rfc/high-ascii-in-headers | string | disabled | optional | read/write | Specifies, when enabled, that the system inspects request headers for ASCII characters greater than 127, which are not permitted. The default value is disabled. |
/http-rfc/host-header-is-ip | string | disabled | optional | read/write | Specifies, when enabled, that the system verifies that the request's host header value is not an IP address. The default value is disabled. |
/http-rfc/maximum-headers | string | 20 | optional | read/write | Specifies whether the system compares the number of headers in the requests against the maximum number, and if so, how many headers are allowed. The default value is a maximum of 20 headers. |
/http-rfc/null-in-body | string | disabled | optional | read/write | Specifies, when enabled, that the system inspects request bodies to see whether they contain a Null character, which is not allowed. The default value is disabled. |
/http-rfc/null-in-headers | string | enabled | optional | read/write | Specifies, when enabled, that the system inspects request headers to see whether they contain a Null character, which is not allowed. The default value is enabled. |
/http-rfc/post-with-zero-length | string | disabled | optional | read/write | Specifies, when enabled, that the system examines POST method requests for no content-length header, and for a content length of 0. The default value is disabled. |
/http-rfc/several-content-length | string | enabled | optional | read/write | Specifies, when enabled, that the system examines each request to see whether it has more than one content-length header, which is considered illegal. The default value is enabled. |
/http-rfc/unparsable-content | string | enabled | optional | read/write | Specifies, when enabled, that the system examines requests for content that the system cannot parse, which is not permitted. The default value is enabled. |
/mandatory-headers | array_structure | | optional | read/write | |
/mandatory-headers/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever a request does not include a mandatory header. The default value is enabled. |
/mandatory-headers/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that do not include a mandatory header. The default value is disabled. |
/mandatory-headers/values | string | | optional | read/write | Configures a list of headers that must appear in requests to be considered legal by the security profile. |
/maximum-length | array_structure | | optional | read/write | |
/maximum-length/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever a request fails one of the length checks. The default value is enabled. |
/maximum-length/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that fail one of the length checks. The default value is disabled. |
/maximum-length/post-data | string | 0 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, for the POST data portion of a request, and if so, specifies it. The default value is any (no restriction). |
/maximum-length/query-string | string | 1024 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, for the query string portion of a request, and if so, specifies it. The default value is 1024 bytes. |
/maximum-length/request | string | 0 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, of a request, and if so, specifies it. The default value is any (no restriction). |
/maximum-length/uri | string | 1024 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, for a URL, and if so, specifies it. The default value is 1024 bytes. |
/methods | array_structure | | optional | read/write | |
/methods/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever a request uses an illegal method. The default value is enabled. |
/methods/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that use an illegal method. The default value is disabled. |
/methods/values | string | GET HEAD POST | optional | read/write | Configures a list of HTTP methods considered legal by the security profile. The default allowed methods are GET, HEAD, and POST. |
/response | array_structure | | optional | read/write | |
/response/body | string | | optional | read/write | Specifies the HTML code the system sends to the client in response to an illegal blocked request. |
/response/headers | string | | optional | read/write | Specifies the response headers that the system sends to the client in response to an illegal blocked request. |
/response/type | string | default | optional | read/write | Specifies which content, or URL, the system sends to the client in response to an illegal blocked request. |
/response/url | string | | optional | read/write | Specifies the particular URL to which the system redirects the user. |
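In the Structures table every `block` setting defaults to disabled, several `/http-rfc` checks are off by default, and two length limits default to no restriction. The following Python audit is an added example, not part of the F5 reference: it overlays a profile on those defaults and lists what is not enforced. It assumes the profile is already loaded as a nested dict keyed by the structure names above (hyphenated or camelCase); `PAGE_DEFAULTS`, `effective`, `audit` and `SAMPLE` are hypothetical names.

```python
import re

# Defaults copied from the Structures table on this page.
PAGE_DEFAULTS = {
    "evasion-techniques": {"alarm": "enabled", "block": "disabled"},
    "file-types": {"alarm": "enabled", "block": "disabled"},
    "http-rfc": {
        "alarm": "enabled", "block": "disabled", "bad-host-header": "enabled",
        "bad-version": "enabled", "body-in-get-head": "disabled",
        "chunked-with-content-length": "enabled", "content-length-is-positive": "enabled",
        "header-name-without-value": "enabled", "high-ascii-in-headers": "disabled",
        "host-header-is-ip": "disabled", "maximum-headers": "20",
        "null-in-body": "disabled", "null-in-headers": "enabled",
        "post-with-zero-length": "disabled", "several-content-length": "enabled",
        "unparsable-content": "enabled",
    },
    "mandatory-headers": {"alarm": "enabled", "block": "disabled"},
    "maximum-length": {"alarm": "enabled", "block": "disabled", "post-data": "0",
                       "query-string": "1024", "request": "0", "uri": "1024"},
    "methods": {"alarm": "enabled", "block": "disabled", "values": "GET HEAD POST"},
}

def _norm(key):
    """Map camelCase (badHostHeader) to the hyphenated form used on this page."""
    return re.sub(r"(?<!^)([A-Z])", r"-\1", key).lower()

def effective(profile):
    """Overlay a (possibly partial) profile dict on the page's defaults."""
    merged = {s: dict(v) for s, v in PAGE_DEFAULTS.items()}
    for section, settings in profile.items():
        sec = _norm(section)
        if sec in merged and isinstance(settings, dict):
            merged[sec].update({_norm(k): str(v) for k, v in settings.items()})
    return merged

def audit(profile):
    """Return sorted (path, finding) tuples for settings that do not enforce."""
    findings = []
    for section, settings in effective(profile).items():
        if settings["block"] != "enabled":
            mode = "alarm only" if settings["alarm"] == "enabled" else "no alarm, no block"
            findings.append((f"/{section}/block", mode))
        for name, value in settings.items():
            if name in ("alarm", "block"):
                continue
            if value == "disabled":
                findings.append((f"/{section}/{name}", "check disabled"))
            elif section == "maximum-length" and value in ("0", "any"):
                findings.append((f"/{section}/{name}", "no length restriction"))
    return sorted(findings)

# Constructed sample: a profile that overrides only a few settings.
SAMPLE = {
    "httpRfc": {"block": "enabled", "nullInBody": "enabled"},
    "methods": {"block": "enabled", "values": "GET POST"},
    "maximum-length": {"request": "65536"},
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(path, "->", finding)
```

An empty dict audits the page's defaults as they stand, which is a useful baseline before comparing a tuned profile.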
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.