HTTP Header Insertion
To enable the firewall to manage web application access
by inserting HTTP headers and their values into HTTP requests, select .
Objects
Security Profiles
URL Filtering
HTTP Header Insertion
The firewall supports header insertion for HTTP/1.x traffic
only; the firewall does not support header insertion for HTTP/2
traffic.
You can create insertion entries based on a predefined HTTP header
insertion type or you can create your own custom type. Header insertion
is typically performed for custom HTTP headers but you can also
insert standard HTTP headers.
Header insertion occurs when:
- An HTTP request matches a Security policy rule with one or more configured HTTP header insertion entries.
- A specified domain matches the domain found in the HTTP Host header.
- The action is anything other thanblock.
The firewall can perform HTTP header insertion only for
the GET, POST, PUT, and HEAD methods.
If you enable HTTP header insertion and the identified header
is missing from a request, the firewall inserts the header. If the
identified header already exists in the request, then the firewall
overwrites the header values with the values that you specify.
Add
an insertion entry or select an existing
insertion entry to modify it. When needed, you can also select an
insertion entry and Delete
it. The default block list action for a new HTTP header insertion
entry is
Block
. If you want a different action,
go to URL Filtering Categories and select
the appropriate action. Alternatively, add the insertion entry to
a profile that is configured with the desired action. HTTP Header Insertion Settings | Description |
---|---|
Name | The Name for this
HTTP header insertion entry. |
Type | The Type of entry
you want to create. Entries can be either predefined or custom.
The firewall uses content updates to populate and maintain predefined
entries.If you want to include the username in the HTTP header,
select Dynamic Fields . |
Domains | Header insertion occurs when a domain in
this list matches the Host header of the HTTP request. If
you are creating a predefined entry, the domain list is predefined
in a content update. This is sufficient for most use cases but you
can add or delete domains as needed. If you want to create
a custom entry, Add at least one domain to
this list. Each domain name can be up to 256 characters and
you can identify a maximum of 50 domains for each entry. You can
use an asterisk (*) as a wildcard character, which matches any request
to the specified domain (for example, *.etrade.com). |
Header | When you create a predefined entry, the
Header list is pre-populated by a content update. This is sufficient
for most use cases but you can add or delete headers as needed. When
you create a custom entry, add one or more headers (up to a total
of five) to this list. Header names can have up to 100 characters
but cannot include spaces. If you want to include the username
in the HTTP header, select X-Authenticated-User then
select the Value , or Add a
new header. |
Value | Configure the Value using
a maximum of 512 characters. The header value varies depending on
what information you want to include in the HTTP header for the
specified domains. For example, manage user access to SaaS applications by selecting predefined types or by
using custom entries. To
include the username in the HTTP header, select the domain and username
format that the security appliance requires:
Alternatively,
enter a custom format using the ($user) and ($domain) dynamic
tokens (for example, ($user)@($domain) ). The
firewall populates the user and domain dynamic tokens using the
primary username in the group mapping profile. Use each ($user) and ($domain) dynamic
token only once per value. |
Log | Select Log to enable
logging of this header insertion entry. |
Recommended For You
Recommended Videos
Recommended videos not found.