Skip to content

Header Field Policy Settings

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD NAME]

[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [HEADER FIELD VALUE]

Configures policies to detect and block abnormal requests by inspecting the Header Field of HTTP packets. The policies are divided into Header Field Name inspection and Header Field Value inspection.
DeepFinder provides a standard list of HTTP header fields by default, and detailed security policies can be applied to each field.

  • Security Pattern Settings: Managed in the [TEMPLATE] > [SECURITY PATTERN] menu. For details, refer to the Security Pattern page.
  • Header Field Management: Managed in the [TEMPLATE] > [HEADER FIELDS] menu. For details, refer to the Manage Header Fields page.

Header Field Policy

Note

Importance of the User-Agent Field
Among header fields, the User-Agent contains important information that can identify the client's web browser, operating system (OS), and type of bot or crawler.
Since it serves as a key clue to identify tools or proxy servers used by attackers in the event of a breach, it is strongly recommended to configure security policies (value validation, malicious bot detection, etc.) for the User-Agent field.