Filter request methods: HTTP is allowed, but after this function is enabled, HTTP requests will be disabled. Specifically, the selected HTTP request methods will be considered abnormal and blocked, as shown below.

Check HTTP header field: The Referer, User-Agent, and Host fields in the HTTP header can be checked for SQL injection and other attacks.

To use this function, enable web protection "SQL Injection" in the Web app protection policy, as shown below.

If the Host field is selected, when the system detects an SQL injection attack, and the attack type marked by the data center is still SQL injection, the Host field in the header of the HTTP packet will be intercepted.

Check for overflow: Overlong HTTP fields are prevented to avoid overflow, as shown below.

URL length detection: Select URL length detection and set the maximum length to prevent buffer overflow.

POST entity overflow: Select POST entity overflow and set the maximum length of the entity part of the POST data to prevent overflow of the data received by the server.

HTTP header overflow: Select HTTP header overflow and click Add to set the maximum length of the specified field in the HTTP header to detect excessive length.

Lock byte range: Select Lock byte range and set the number of allowed ranges to prevent the number of range fields from exceeding the allowed value.

Detect protocol anomalies: Protect ASP and ASPX pages from multi-parameter attacks caused by incorrect server processing when multiple parameters are requested. Meanwhile, the following items are enabled: Detect multipart header anomaly, Check whether Content-Type header field is repetitive, Detect chunk header anomaly in the request stream, Check whether charset header field in the request stream is repetitive, and Detect content-length header anomaly in the request stream.