set service-system-default HTTP ips-settings

Description

Configures IPS settings of the built-in HTTP service object.

Syntax

set service-system-default HTTP ips-settings [ non-standard-ports-action <non-standard-ports-action> ] [ non-standard-ports-track <non-standard-ports-track> ] [ parser-failure-action <parser-failure-action> ] [ parser-failure-track <parser-failure-track> ] [ strict-request <strict-request> ] [ strict-response <strict-response> ] [ split-url <split-url> ] [ no-colon <no-colon> ] [ tab-as-seperator <tab-as-seperator> ] [ duplicate-content-length <duplicate-content-length> ] [ duplicate-host <duplicate-host> ] [ responses <responses> ] [ invalid-chunk <invalid-chunk> ] [ empty-value <empty-value> ] [ post <post> ] [ recursive-url <recursive-url> ] [ trailing-whitespaces <trailing-whitespaces> ]

Parameters

Parameter

Description

duplicate-content-length

True to block a duplicate 'Content-Length' header with the same value.

Type: Boolean (true/false)

duplicate-host

True to block a duplicate 'Host' header with the same value.

Type: Boolean (true/false)

empty-value

True to block HTTP header with empty value.

Type: Boolean (true/false)

invalid-chunk

True if invalid chunk.

Type: Boolean (true/false)

no-colon

True to block HTTP header with no colon.

Type: Boolean (true/false)

non-standard-ports-action

Select the action for connections over non-standard ports (allowed values are 'Accept' and 'Block').

Options: block, accept

non-standard-ports-track

Select the track option for connections over non-standard ports (allowed values are 'log', 'alert' and 'don't log').

Options: none, log, alert

parser-failure-action

Select action for when the parser fails (allowed values are 'Accept' and 'Block').

Options: block, accept

parser-failure-track

Select track option for when the parser fails (allowed values are 'log', 'alert' and 'don't log').

Options: none, log, alert

post

True to block requests with 'POST' method and without 'Content-Type' header.

Type: Boolean (true/false)

recursive-url

True to block HTTP requests with recursive URL encoding.

Type: Boolean (true/false)

responses

True to block responses with both 'Content-Length' and 'Transfer-Encoding' headers.

Type: Boolean (true/false)

split-url

True to split the URL between the query and fragment sections. This instructs the HTTP protections to inspect the query and fragment sections separately.

Type: Boolean (true/false)

strict-request

True to enforce strict HTTP request parsing.

Type: Boolean (true/false)

strict-response

True to enforce strict HTTP response parsing.

Type: Boolean (true/false)

tab-as-seperator

True to block HTTP traffic with 'tab' character as a separator.

Type: Boolean (true/false)

trailing-whitespaces

True to block request header names with trailing whitespace.

Type: Boolean (true/false)

Example

set service-system-default HTTP ips-settings non-standard-ports-action block non-standard-ports-track none parser-failure-action block parser-failure-track none strict-request true strict-response true split-url true no-colon true tab-as-seperator true duplicate-content-length true duplicate-host true responses true invalid-chunk true empty-value true post true recursive-url true trailing-whitespaces true
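
To show what several of the header checks above look for, here is an added Python illustration (not vendor code, and not a description of how the appliance parses traffic) that flags the same conditions in a raw HTTP message and labels each finding with the matching parameter name. The function name `check_message`, the sample messages, and the reading of "tab as a separator" as a tab in the start line are assumptions made for this example.

```python
# Added illustration: not vendor code. Finding labels reuse the parameter
# names from this page; the appliance's own parsing logic is not shown here.
def check_message(raw: bytes) -> list:
    """Return the sorted parameter names whose condition the message header meets."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    start = lines[0].split()
    is_response = bool(start) and start[0].startswith("HTTP/")
    findings, seen = set(), {}
    # Assumption: "tab as a separator" is read here as a tab in the start line.
    if "\t" in lines[0]:
        findings.add("tab-as-seperator")
    for line in lines[1:]:
        if ":" not in line:
            findings.add("no-colon")
            continue
        name, value = line.split(":", 1)
        if name != name.rstrip():
            findings.add("trailing-whitespaces")
        if not value.strip():
            findings.add("empty-value")
        key = name.strip().lower()
        seen[key] = seen.get(key, 0) + 1
    if seen.get("content-length", 0) > 1:
        findings.add("duplicate-content-length")
    if seen.get("host", 0) > 1:
        findings.add("duplicate-host")
    if is_response and "content-length" in seen and "transfer-encoding" in seen:
        findings.add("responses")
    if start and start[0] == "POST" and "content-type" not in seen:
        findings.add("post")
    return sorted(findings)

# Constructed sample messages (not captured traffic).
SAMPLE_REQUEST = (
    b"POST /form HTTP/1.1\r\n"
    b"Host: example.test\r\nHost: example.test\r\n"
    b"Content-Length: 3\r\nContent-Length: 3\r\n"
    b"X-Note :\r\nBrokenHeader\r\n\r\na=b"
)
SAMPLE_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
CLEAN_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for msg in (SAMPLE_REQUEST, SAMPLE_RESPONSE, CLEAN_REQUEST):
        print(check_message(msg))
```

Ambiguities such as a repeated 'Content-Length' or 'Host' header matter because two HTTP parsers in the same path can resolve them differently; blocking them at the gateway removes that disagreement.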