HTTP Header Insertion
To enable the firewall to manage web application access by inserting HTTP headers and their values into HTTP requests, select ObjectsSecurity ProfilesURL FilteringHTTP Header Insertion
You can create insertion entries based on a predefined HTTP header insertion type or you can create your own custom type. Header insertion is typically performed for custom HTTP headers but you can also insert standard HTTP headers.
Header insertion occurs when:
- An HTTP request matches a security policy rule with one or more configured HTTP header insertion entries.
- A specified domain matches the one found in the HTTP Host header.
- The action is anything other than Block.
The firewall can perform HTTP header insertion only for the GET, POST, PUT, and HEAD methods.
If you enable HTTP header insertion and the identified header is missing from a request, the firewall inserts the header. If the identified header already exists in the request, then the firewall overwrites the header values with the values that you specify.
Add an insertion entry or select an existing insertion entry to modify it. When needed, you can also select an insertion entry and then Delete it.
The default block list action for a new HTTP header insertion entry is Block. If you want a different action, go to URL Filtering Categories and select the appropriate action. Alternatively, add the insertion entry to a profile that is configured with the desired action.
HTTP Header Insertion Settings
The name for this HTTP header insertion entry.
The type of entry you want to create. Entries can either be predefined or custom. Predefined entries are populated and maintained using content updates.
Header insertion occurs when a domain in this list matches the Host header of the HTTP request.
If you are creating a predefined entry, the domain list is predefined in a content update. This is sufficient for most use cases but you can add or delete domains as needed.
To create a custom entry, Add at least one domain to this list.
Each domain name can be up to 256 characters and you can identify a maximum of 50 domains for each entry. Wildcards (for example, *.example.com) are allowed.
When you create a predefined entry, the Header list is pre-populated by a content update. This is sufficient for most use cases but you can add or delete headers as needed.
When you create a custom entry, add one or more headers (up to a total of five) to this list .
Header names can have up to 100 characters but cannot include spaces.
(Required) The header value is dependent on whether you are enabling or disabling access to the specified web application and what that web application requires for you to achieve your goal. This value can be a maximum of 512 characters.
Select Log to enable logging of this header insertion entry.
Use HTTP Headers to Manage SaaS Application Access
Use Palo Alto Networks® firewall URL profiles to insert custom headers into HTTP requests so that you can control access to differing versions of web ...
Create HTTP Header Insertion Entries using Predefined Types
You can create HTTP Header Insertion rules based on types that are predefined by Palo Alto Networks® for popular SaaS applications. ...
Create Custom HTTP Header Insertion Entries
Create custom HTTP Header Insertion rules for your Palo Alto Networks® firewall. ...
Domains used by the Predefined SaaS Application Types
List of domains you use for header insertion rules when using predefined HTTP header insertion rules. ...
Understand SaaS Custom Headers
Understand the custom HTTP headers you will use before you create HTTP Header Insertion Rules for your Palo Alto Networks® firewall. ...
Objects > Security Profiles > URL Filtering
Objects > Security Profiles > URL Filtering You can use URL filtering profiles to not only control access to web content, but also to control ...
Application Whitelist Example
Application Whitelist Example Keep in mind that you do not need to capture every application that might be in use on your network in your ...
Device > Server Profiles > HTTP
Device > Server Profiles > HTTP Select Device Server Profiles HTTP or Panorama Server Profiles HTTP to configure a server profile for forwarding logs. You ...