How to: Configure User Defined HTTP Header
The following example configuration enables Header violations in blocking mode and creates a custom header, MyHeader. The custom header is configured to allow multiple occurrences of the same header, to disable attack signature checking for the header, and to be optional (not mandatory):
{
    "policy": {
        "name": "user_headers_blocking_policy",
        "template": {
            "name": "POLICY_TEMPLATE_RATING_BASED"
        },
        "applicationLanguage": "utf-8",
        "enforcementMode": "blocking",
        "blocking-settings": {
            "violations": [
                {
                    "name": "VIOL_HEADER_REPEATED",
                    "block": true
                },
                {
                    "name": "VIOL_MANDATORY_HEADER",
                    "block": true
                }
            ]
        },
        "headers": [
            {
                "name": "MyHeader",
                "type": "explicit",
                "decodeValueAsBase64": "disabled",
                "htmlNormalization": false,
                "mandatory": false,
                "allowRepeatedOccurrences": true,
                "checkSignatures": false
            }
        ]
    }
}
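
In the policy above, both header violations are set to block, yet every per-header flag on MyHeader relaxes inspection for that header. The following audit script is an added example, not part of the product or its documentation; it lists such relaxations before a policy is deployed. The function name audit_headers and the finding texts are hypothetical, and the reading of how each flag interacts with the two violations follows the description above.

```python
import json

# Constructed sample: the policy from this page, trimmed to the fields the audit reads.
SAMPLE_POLICY = json.loads("""
{"policy": {
  "name": "user_headers_blocking_policy",
  "enforcementMode": "blocking",
  "blocking-settings": {"violations": [
    {"name": "VIOL_HEADER_REPEATED", "block": true},
    {"name": "VIOL_MANDATORY_HEADER", "block": true}]},
  "headers": [{
    "name": "MyHeader", "type": "explicit",
    "mandatory": false, "allowRepeatedOccurrences": true,
    "checkSignatures": false}]
}}
""")


def audit_headers(doc):
    """Return (header, finding) pairs for settings that relax header inspection."""
    policy = doc["policy"]
    violations = policy.get("blocking-settings", {}).get("violations", [])
    blocked = {v["name"] for v in violations if v.get("block")}
    findings = []
    if policy.get("enforcementMode") != "blocking":
        findings.append(("*", "policy is not in blocking mode"))
    for h in policy.get("headers", []):
        name = h.get("name", "<unnamed>")
        # Only explicitly set keys are judged; product defaults are not assumed.
        if h.get("checkSignatures") is False:
            findings.append((name, "attack signatures are not checked"))
        if h.get("allowRepeatedOccurrences") is True and "VIOL_HEADER_REPEATED" in blocked:
            findings.append((name, "repeats allowed despite VIOL_HEADER_REPEATED blocking"))
        if h.get("mandatory") is False and "VIOL_MANDATORY_HEADER" in blocked:
            findings.append((name, "optional, so VIOL_MANDATORY_HEADER never fires for it"))
        if h.get("mandatory") is True and "VIOL_MANDATORY_HEADER" not in blocked:
            findings.append((name, "mandatory, but VIOL_MANDATORY_HEADER does not block"))
    return findings


if __name__ == "__main__":
    for header, finding in audit_headers(SAMPLE_POLICY):
        print(f"{header}: {finding}")
```

Each finding is a prompt for review rather than an error: a relaxation may be intentional, as it is for MyHeader here.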