Imperva Cyber Community

Dear all,

Imperva WAF has it's default number of allowed headers per request/response to perform security checking. However, nowadays it seems quite common that security & network devices would insert some headers into the request and consequently it becomes much easier to trigger the Too Many Headers per Request/Response violations with the default value. I think the Imperva WAF checking is good and I don't prefer to add exception to bypass that. Instead, I would like to know if there is any way to modify the default value of allowed headers per request/response to match our application environment?

Thank you.
#On-PremisesWAF(formerlySecuresphere)

------------------------------
Ken Chau
IT Manager
------------------------------

Hello Ken,

Thank you for the post, yes you are correct we have default values for these parameters,

------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------

Original Message:
Sent: 08-25-2022 05:05
From: Ken Chau
Subject: Modified the default allowed number of headers per request/response?

Dear all,

Imperva WAF has it's default number of allowed headers per request/response to perform security checking. However, nowadays it seems quite common that security & network devices would insert some headers into the request and consequently it becomes much easier to trigger the Too Many Headers per Request/Response violations with the default value. I think the Imperva WAF checking is good and I don't prefer to add exception to bypass that. Instead, I would like to know if there is any way to modify the default value of allowed headers per request/response to match our application environment?

Thank you.
#On-PremisesWAF(formerlySecuresphere)

------------------------------
Ken Chau
IT Manager
------------------------------