APIRef_tm_security_http_profile

mgmt/tm/security/http/profile

/tm/security/http

Virtual server HTTP security profile configuration

REST Endpoints

Collection URI: /mgmt/tm/security/http/profile
Collection Methods: OPTIONS, GET
Resource URI: /mgmt/tm/security/http/profile/~resource id
Resource Methods: OPTIONS, GET, PUT, PATCH, DELETE, POST
Resource Natural Key: name, partition, subPath

Properties

| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
| appService | string | | optional | read/write | The application service that the object belongs to. |
| caseInsensitive | boolean | true | optional | read/write | Specifies that the security profile treats file types as case insensitive. |
| caseSensitive | boolean | true | optional | read/write | Specifies that the security profile treats file types as case sensitive. This is the default. |
| defaultsFrom | string | | optional | read/write | Specifies the profile that you want to use as the parent profile. Your new profile inherits all settings and values from the parent profile specified. |
| description | string | | optional | read/write | User defined description. |
| tmPartition | string | Common | optional | read/write | Displays the administrative partition within which this profile resides. |

Structures

| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
| /evasion-techniques | array_structure | | optional | read/write | |
| /evasion-techniques/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it in the Protocol Security Statistics screen whenever the system detects an evasion technique. The default value is enabled. |
| /evasion-techniques/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests whenever the system detects an evasion technique. The default value is disabled. |
| /file-types | array_structure | | optional | read/write | |
| /file-types/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever the system detects a request for an illegal file type. The default value is enabled. |
| /file-types/allowed | boolean | false | optional | read/write | Indicates that the values property lists file types that the security profile permits. |
| /file-types/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests for an illegal file type. The default value is disabled. |
| /file-types/disallowed | boolean | false | optional | read/write | Indicates that the values property lists file types that the security profile prohibits. This is the default. |
| /file-types/values | string | | optional | read/write | Configures a list of file types considered either legal or illegal by the security profile. |
| /http-rfc | array_structure | | optional | read/write | |
| /http-rfc/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it in the Protocol Security Statistics screen whenever a request fails one of the enabled HTTP protocol checks. The default value is enabled. |
| /http-rfc/bad-host-header | string | enabled | optional | read/write | Specifies, when enabled, that the system inspects requests to see whether they contain a non RFC compliant header value. The default value is enabled. |
| /http-rfc/bad-version | string | enabled | optional | read/write | Specifies, when enabled, that the system inspects requests to see whether they request information from a client using an HTTP protocol version 1.0 or higher. The default value is enabled. |
| /http-rfc/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that fail one of the enabled HTTP protocol checks. The default value is disabled. |
| /http-rfc/body-in-get-head | string | disabled | optional | read/write | Specifies, when enabled, that the system examines requests that use the HEAD or GET methods to see whether the requests contain data in their bodies, which is considered illegal. The default value is disabled. |
| /http-rfc/chunked-with-content-length | string | enabled | optional | read/write | Specifies, when enabled, that the system examines chunked requests for a content-length header, which is not permitted. The default value is enabled. |
| /http-rfc/content-length-is-positive | string | enabled | optional | read/write | Specifies, when enabled, that the system examines requests to see whether their content length value is greater than zero. The default value is enabled. |
| /http-rfc/header-name-without-value | string | enabled | optional | read/write | Specifies, when enabled, that the system checks requests for valueless header names, which are considered illegal. The default value is enabled. |
| /http-rfc/high-ascii-in-headers | string | disabled | optional | read/write | Specifies, when enabled, that the system inspects request headers for ASCII characters greater than 127, which are not permitted. The default value is disabled. |
| /http-rfc/host-header-is-ip | string | disabled | optional | read/write | Specifies, when enabled, that the system verifies that the request’s host header value is not an IP address. The default value is disabled. |
| /http-rfc/maximum-headers | string | 20 | optional | read/write | Specifies whether the system compares the number of headers in the requests against the maximum number, and if so, how many headers are allowed. The default value is a maximum of 20 headers. |
| /http-rfc/null-in-body | string | disabled | optional | read/write | Specifies, when enabled, that the system inspects request bodies to see whether they contain a Null character, which is not allowed. The default value is disabled. |
| /http-rfc/null-in-headers | string | enabled | optional | read/write | Specifies, when enabled, that the system inspects request headers to see whether they contain a Null character, which is not allowed. The default value is enabled. |
| /http-rfc/post-with-zero-length | string | disabled | optional | read/write | Specifies, when enabled, that the system examines POST method requests for no content-length header, and for a content length of 0. The default value is disabled. |
| /http-rfc/several-content-length | string | enabled | optional | read/write | Specifies, when enabled, that the system examines each request to see whether it has more than one content-length header, which is considered illegal. The default value is enabled. |
| /http-rfc/unparsable-content | string | enabled | optional | read/write | Specifies, when enabled, that the system examines requests for content that the system cannot parse, which is not permitted. The default value is enabled. |
| /mandatory-headers | array_structure | | optional | read/write | |
| /mandatory-headers/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever a request does not include a mandatory header. The default value is enabled. |
| /mandatory-headers/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that do not include a mandatory header. The default value is disabled. |
| /mandatory-headers/values | string | | optional | read/write | Configures a list of headers that must appear in requests to be considered legal by the security profile. |
| /maximum-length | array_structure | | optional | read/write | |
| /maximum-length/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever a request fails one of the length checks. The default value is enabled. |
| /maximum-length/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that fail one of the length checks. The default value is disabled. |
| /maximum-length/post-data | string | 0 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, for the POST data portion of a request, and if so, specifies it. The default value is any (no restriction). |
| /maximum-length/query-string | string | 1024 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, for the query string portion of a request, and if so, specifies it. The default value is 1024 bytes. |
| /maximum-length/request | string | 0 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, of a request, and if so, specifies it. The default value is any (no restriction). |
| /maximum-length/uri | string | 1024 | optional | read/write | Indicates whether there is a maximum acceptable length, in bytes, for a URL, and if so, specifies it. The default value is 1024 bytes. |
| /methods | array_structure | | optional | read/write | |
| /methods/alarm | string | enabled | optional | read/write | Specifies, when enabled, that the system logs the request data and displays it on the Protocol Security Statistics screen whenever a request uses an illegal method. The default value is enabled. |
| /methods/block | string | disabled | optional | read/write | Specifies, when enabled, that the system stops requests that use an illegal method. The default value is disabled. |
| /methods/values | string | GET HEAD POST | optional | read/write | Configures a list of HTTP methods considered legal by the security profile. The default allowed methods are GET, HEAD, and POST. |
| /response | array_structure | | optional | read/write | |
| /response/body | string | | optional | read/write | Specifies the HTML code the system sends to the client in response to an illegal blocked request. |
| /response/headers | string | | optional | read/write | Specifies the response headers that the system sends to the client in response to an illegal blocked request. |
| /response/type | string | default | optional | read/write | Specifies which content, or URL, the system sends to the client in response to an illegal blocked request. |
| /response/url | string | | optional | read/write | Specifies the particular URL to which the system redirects the user. |

Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.