To enable the firewall to manage web application access
by inserting HTTP headers and their values into HTTP requests, select
HTTP Header Insertion
You can create insertion entries based on a predefined HTTP header
insertion type or you can create your own custom type. Header insertion
is typically performed for custom HTTP headers but you can also
insert standard HTTP headers.
Header insertion occurs when:
An HTTP request matches a security policy rule with one
or more configured HTTP header insertion entries.
A specified domain matches the one found in the HTTP Host
The firewall can perform HTTP header insertion only for
the GET, POST, PUT, and HEAD methods.
If you enable HTTP header insertion and the identified header
is missing from a request, the firewall inserts the header. If the
identified header already exists in the request, then the firewall
overwrites the header values with the values that you specify.
an insertion entry or select an existing
insertion entry to modify it. When needed, you can also select an
insertion entry and then
The default block list action for a new HTTP header insertion
. If you want a different action,
go to URL
Filtering Overrides and select the appropriate action. Alternatively,
add the insertion entry to a profile that is configured with the
HTTP Header Insertion
The name for this HTTP header insertion
The type of entry you want to create. Entries
can either be predefined or custom. Predefined entries are populated
and maintained using content updates.
Header insertion occurs when a domain in
this list matches the Host header of the HTTP request.
you are creating a predefined entry, the domain list is predefined in
a content update. This is sufficient for most use cases but you
can add or delete domains as needed.
To create a custom entry,
least one domain to this list.
Each domain name can be up
to 256 characters and you can identify a maximum of 50 domains for
each entry. Wildcards (for example, *.example.com) are allowed.
When you create a predefined entry, the
Header list is pre-populated by a content update. This is sufficient
for most use cases but you can add or delete headers as needed.
you create a custom entry, add one or more headers (up to a total
of five) to this list .
Header names can have up to 100 characters
but cannot include spaces.
) The header value is
dependent on whether you are enabling or disabling access to the
specified web application and what that web application requires
for you to achieve your goal. This value can be a maximum of 512