
Header

About

General View of Header

When a new path is added under the Header tab, the view is as shown below. Clicking the Add Common Rule for Header button opens Header control for the relevant path. Before the button is clicked, the path appears as Rule Source > All Paths. This is because no Header control has been defined on the relevant path, so the Header control is inherited from All Paths. If it were inherited through a Glob Path, the Rule Source would be the related Glob Path (/admin/login.*).


Example Header Variable Name and Variable Value


Interface

Add Common Rule for Header Screen


Add Common Rule for Header Form

- Virtual Host Group


The information about which Virtual Host Group the modified path belongs to is displayed.

- Path


The information of the path where changes are made is displayed.

- Area


The information of the control field where changes are made is displayed.

- Argument Name


The information of the control field where changes are made is displayed.

- Header Key Length


The length of each variable in the Header is limited by number of characters.

- Header Key Count


Requests are filtered according to the total number of headers.

- Header Size


Requests are filtered according to the total number of characters in the Header.

- Allowed Header Arguments


Permitted Header variables determine which Headers can be sent to the relevant path. If permitted Headers are entered, a request to the relevant path with any Header other than these is blocked.

- Header Must Arguments


Mandatory Header variables define the variables that must be present in a request to the relevant path. If a mandatory Header variable is missing from the request, the request is blocked.


The permitted and mandatory variables shown in the figure can be explained as follows. The Host, Connection and Accept-Encoding headers are defined as permitted, so the client can only make a request with the Host, Connection and Accept-Encoding headers; a request with any other header is blocked. The Host and Connection headers are defined as mandatory. In this case the client can use the Host, Connection and Accept-Encoding headers, but a request without the Host and Connection headers is blocked.

- Value Length


The value length of each variable in the Header is limited by number of characters.

- OWASP Check


Selects whether each variable and value of the Header is subjected to the OWASP check.

- OWASP Exclusions


After OWASP protection is activated, OWASP Rules that should be excluded can be added as exceptions according to the structure of the incoming request.

- Detailed Log


Determines whether the variable or value for which an attack was detected is written in the description section of the WAF log.

- Value Regex Pattern


Used when the value of the variable needs to be restricted with a RegEx.

- Max. Repeat


Determines the maximum number of times the same Header information can be repeated.

- Add


By clicking the Add button, the Header general setting is added.

- Display in TR7 ASP Interface After Adding Check Field


After the Header check field is added, it is displayed in the TR7 ASP interface when the relevant path is clicked.
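How the fields of the Add Common Rule for Header form combine on a request can be sketched in code. This is an added example, not TR7's implementation: the rule values are constructed, and the check order, the case-insensitive name matching and the Header Size calculation (sum of name and value lengths) are assumptions.

```python
import re
from collections import Counter

# Hypothetical rule mirroring the form fields; every limit is a constructed value.
RULE = {
    "key_length": 32, "key_count": 10, "header_size": 512,
    "allowed": {"host", "connection", "accept-encoding"},
    "must": {"host", "connection"},
    "value_length": 128, "max_repeat": 1,
    "value_regex": r"[\x20-\x7e]*",   # printable ASCII only
}

def check_headers(headers, rule=RULE):
    """headers: list of (name, value) pairs. Returns (passed, reason)."""
    names = [n.lower() for n, _ in headers]   # assumption: names compared case-insensitively
    if len(headers) > rule["key_count"]:
        return False, "Header Key Count"
    # Assumption: Header Size counts the characters of all names and values.
    if sum(len(n) + len(v) for n, v in headers) > rule["header_size"]:
        return False, "Header Size"
    for name, count in Counter(names).items():
        if count > rule["max_repeat"]:
            return False, f"Max. Repeat: {name}"
    for name, value in headers:
        if len(name) > rule["key_length"]:
            return False, f"Header Key Length: {name}"
        # An empty allowed set means no allow-list was entered.
        if rule["allowed"] and name.lower() not in rule["allowed"]:
            return False, f"Allowed Header Arguments: {name}"
        if len(value) > rule["value_length"]:
            return False, f"Value Length: {name}"
        if not re.fullmatch(rule["value_regex"], value):
            return False, f"Value Regex Pattern: {name}"
    missing = rule["must"] - set(names)
    if missing:
        return False, "Header Must Arguments: " + ", ".join(sorted(missing))
    return True, "ok"

if __name__ == "__main__":
    # Constructed requests matching the Host / Connection / Accept-Encoding case.
    base = [("Host", "example.test"), ("Connection", "keep-alive")]
    for extra in ([], [("Accept-Encoding", "gzip")], [("User-Agent", "curl")]):
        print(extra, check_headers(base + extra))
    print(check_headers([("Host", "example.test"), ("Accept-Encoding", "gzip")]))
```
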


Interface

Add Argument Rule for Header Screen


By clicking the Add Argument Rule for Header button, new definitions can be added for a specific Header variable, separately from the general setting.

The TR7 WAF has custom header variable settings defined.


Add Argument Rule for Header Form

- Virtual Host Group


The information about which Virtual Host Group the modified path belongs to is displayed.

- Path


The information of the path where changes are made is displayed.

- Area


The information of the control field where changes are made is displayed.

- Argument Name


The name of the relevant Header is entered, as the changes will be defined specifically for a single Header.

- Value Length


The length of the specified Header variable is limited by number of characters.

- OWASP Check


Selects whether the variable and value of the specified Header is subjected to the OWASP check.

- OWASP Exclusions


After OWASP protection is activated, OWASP Rules that should be excluded can be added as exceptions according to the structure of the incoming request.

- Detailed Log


Determines whether the variable or value for which an attack was detected is written in the description section of the WAF log.

- Value Regex Pattern


Used when the value of the variable needs to be restricted with a RegEx.

- Max. Repeat


Determines the maximum number of times the same Header variable name can be repeated.

- Add


By clicking the Add button, the Header variable setting is added.