Valid Request Handler
Purpose
The Valid Request Handler checks the validity of a request to ensure that it observes the syntax rules of the HTTP protocol and HTML code.
If the request contains syntax errors, vWAF denies the request with the HTTP error code 403 (Forbidden). When the Valid Request Handler is inactive, the query would be forwarded to the web application. The web application, the script language or even a database might then have problems in processing incorrectly coded characters, and in the worst case scenario, this would mean that an attack could be possible.
For more information regarding adding and editing Handlers, see Editing Handlers.
Severity
Events triggered by this handler are given the severity: low. (For details on severity levels, see Severity of Events Triggered by Handlers).
Recommendations for use
This handler should always be active.
Attributes
Attribute | Meaning |
---|---|
allowedProtocols |
List of the permissible protocol versions in accordance with the syntax specified in the HTTP protocol. Examples: HTTP/1.0 HTTP/1.1 |
allow proxy requests |
By default, vWAF accepts only normal requests but denies proxy requests. If you enable this option, vWAF also accepts proxy requests. You can use this, for example, to control access between two protected networks. |
remove URIparameter |
Activate this option if you want vWAF to remove all parameters from requests. In this case vWAF deletes all elements in the URI path that are separated by a semicolon. |
usertext |
Optional: Here you can specify some text that vWAF adds to the log file entries created by this handler. You can use this, for example, to document why you've added the handler to your configuration, and how the handler is intended to behave. |
enable logging |
Disable this option if you do not want vWAF to create a log file entry when the handler is executed. This can be useful to keep log files smaller in case the handler creates a large number of entries but you don't need these entries. When in detection mode, disabling logging de facto makes the handler ineffective. Disabling logging also prevents the actions of the handler from being taken into account for the Top-10 lists in Attack Analysis, and from being listed in Reports. To decrease the size of the log files, also consider to enable reduced logging, which excludes all non-handler-related information from the log files (see Editing Applications). |
For details regarding entries added to the log file by this handler, see the relevant section in Entries in Application-Specific Log Files.