Invalid Parameter Handler
Purpose
The Invalid Parameter Handler prevents manipulated URI parameters from reaching your web application.
A parameter is only valid if it matches at least one of the regular expressions given under valid-parameters and at the same time does not match any of the regular expressions given under invalid-parameters.
For more information regarding adding and editing Handlers, see Editing Handlers.
Severity
Events triggered by this handler are given the severity: high. (For details on severity levels, see Severity of Events Triggered by Handlers).
Recommendations for use
Use the Invalid Parameter Handler if you want to prevent or restrict the use of URI parameters.
This handler doesn’t check the normal arguments of the request, such as the arguments of input fields for example. If you want to check these arguments, use the Invalid Args Handler.
Attributes
| Attribute | Meaning |
|---|---|
|
ignore case invalid key value pattern |
Enable this option if you want the pattern given for invalid parameters to apply to any combination of upper case and lower case letters. For example, the statement ^hello$ then matches "hello" as well as "Hello", "HELLO" or "HeLLo". This can significantly simplify your regular expressions. |
|
invalid parameters |
Blacklist of regular expressions describing the pattern of invalid arguments. For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed. For details on the syntax, see Regular Expressions. |
|
ignore case valid key value pattern |
Enable this option if you want the pattern given for valid parameters to apply to any combination of upper case and lower case letters. For example, the statement ^hello$ then matches "hello" as well as "Hello", "HELLO" or "HeLLo". This can significantly simplify your regular expressions. |
|
valid parameters |
Whitelist of regular expressions describing the pattern of valid arguments. For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed . For details on the syntax, see Regular Expressions. |
|
error code |
HTTP error code that vWAF returns when the request matches one of the regular expressions given under invalid parameters or doesn't match any of the regular expressions given under valid parameters.. (For an overview of possible error codes, see HTTP Error Codes.) |
|
usertext |
Optional: Here you can specify some text that vWAF adds to the log file entries created by this handler. You can use this, for example, to document why you've added the handler to your configuration, and how the handler is intended to behave. |
|
enable logging |
Disable this option if you do not want vWAF to create a log file entry when the handler is executed. This can be useful to keep log files smaller in case the handler creates a large number of entries but you don't need these entries. When in detection mode, disabling logging de facto makes the handler ineffective. Disabling logging also prevents the actions of the handler from being taken into account for the Top-10 lists in Attack Analysis, and from being listed in Reports. To decrease the size of the log files, also consider to enable reduced logging, which excludes all non-handler-related information from the log files (see Editing Applications). |
For details regarding entries added to the log file by this handler, see the relevant section in Entries in Application-Specific Log Files.