HEADER FIELD VALUE

Set Header Field Value Policy

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD VALUE]

Configures policies that detect security threats by inspecting the values of HTTP request headers. Administrators can register the security patterns to be detected for specific header values.
Header field names to be inspected are managed in the [TEMPLATE] > [HEADER FIELDS] menu. For details, please refer to the Manage Header Fields page.
Header field items with policies configured will display a 'V' check mark in the list on the left.

Header Field Required Check

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD VALUE]

Checks whether a specific required header field is included in the client request. If the specified required header is missing, action is taken according to the configured response method.

Enter Header Field Value Policy

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD VALUE] > (Select Header Field) > [ADD POLICY]

Configures detailed security pattern inspection settings to be applied to the selected header field value. Selecting a target from the header field list and clicking the [ADD POLICY] button opens the settings window. After completing the settings and clicking [SAVE], the policy is added, and the details are recorded in the audit log.

Item: Description

ID: The unique ID of the security pattern (or pattern group).
PATTERN: Select the security pattern to apply for header value inspection. You can select an entire pattern group from the tree structure list or select individual patterns under it.
RISK: Displays the risk level (High/Medium/Low) of the security pattern.
    System Pattern: The default risk level provided by DeepFinder is applied.
    User Pattern: The risk level set by the administrator when creating the pattern is displayed.
ACTION: Select the action to perform upon policy violation (pattern match).
    NONE: Does not apply the policy.
    ALLOW: Allows the connection and skips the next policy check.
    DENY: Immediately blocks the connection and skips the next policy check.
    REDIRECT: Blocks the connection and redirects to the specified block page.
    DETECT: Records a detection log only and continues to check the next policy without blocking.
LOG TYPE: Select the detail level of the log to record upon detection. (NONE / LOW / FULL)

Set Header Field Value Policy Priority

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD VALUE] > (Select Header Field) > [ADD POLICY] > (Adjust Priority)

Changes the inspection order between registered policies. The lower the priority number (closer to 1), the earlier it is inspected. After adjusting the order, click [SAVE] to apply the settings.
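The ACTION semantics and the priority order described above interact: an ALLOW policy placed ahead of a DENY policy prevents the DENY from ever being checked. The following is an added example (a simplified model, not DeepFinder code) that evaluates a constructed policy list against a header value to show the effect of reordering. It assumes patterns behave like regular expressions, that REDIRECT ends evaluation like DENY, and that a request matching no policy passes; the `Policy` class, `evaluate` function and all sample values are hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass
class Policy:
    priority: int   # 1 is inspected first
    pattern: str    # assumption: the security pattern is modelled as a regex
    action: str     # NONE / ALLOW / DENY / REDIRECT / DETECT

# Actions that end evaluation (REDIRECT being terminal is an assumption).
TERMINAL = {"ALLOW": "allowed", "DENY": "blocked", "REDIRECT": "redirected"}

def evaluate(policies, header_value):
    """Return (verdict, priorities of DETECT policies that logged)."""
    detections = []
    for p in sorted(policies, key=lambda p: p.priority):
        if p.action == "NONE":
            continue                       # policy is not applied
        if not re.search(p.pattern, header_value, re.IGNORECASE):
            continue                       # no pattern match, try next policy
        if p.action == "DETECT":
            detections.append(p.priority)  # log only, keep checking
            continue
        return TERMINAL[p.action], detections  # skips the remaining policies
    return "allowed", detections           # assumption: no match means pass

# Constructed policies for a User-Agent header field.
ORIGINAL = [
    Policy(1, r"^internal-monitor/", "ALLOW"),
    Policy(2, r"sqlmap|nikto", "DETECT"),
    Policy(3, r"<script", "DENY"),
]
# Same patterns with the DENY moved to priority 1 and the ALLOW to 3.
REORDERED = [
    Policy(1, r"<script", "DENY"),
    Policy(2, r"sqlmap|nikto", "DETECT"),
    Policy(3, r"^internal-monitor/", "ALLOW"),
]

# Constructed value that satisfies both the ALLOW and the DENY pattern.
SPOOFED = "internal-monitor/1.0 <script>"

if __name__ == "__main__":
    for name, policies in (("ORIGINAL", ORIGINAL), ("REORDERED", REORDERED)):
        print(name, evaluate(policies, SPOOFED))
```

When reviewing a policy list, check each ALLOW entry against the DENY and REDIRECT entries that follow it, since any value matching the ALLOW pattern bypasses them.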

Set Header Field Value Change Policy

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD VALUE] > (Select Response Header Field)

This policy modifies the value of the Response header sent by the server to the client. Select the response header field to modify, enter the 'NEW TEXT' to be exposed to the client, and click [SAVE] to apply. Target header fields can be managed in the [TEMPLATE] > [HEADER FIELDS] menu.

Note

Purpose of Header Field Modification
HTTP communication consists of Requests and Responses. While the header name/value policies described earlier inspect request data, Header Field Value Change controls response data.
It is primarily used to enhance security by modifying header information such as Server or X-Powered-By to hide the type and version information of the web server or WAS. (Security through Obscurity)