Imperva Cyber Community

 View Only
  • 1.  Modified the default allowed number of headers per request/response?

    Posted 08-25-2022 05:06
    Dear all,

    Imperva WAF has it's default number of allowed headers per request/response to perform security checking. However, nowadays it seems quite common that security & network devices would insert some headers into the request and consequently it becomes much easier to trigger the Too Many Headers per Request/Response violations with the default value. I think the Imperva WAF checking is good and I don't prefer to add exception to bypass that. Instead, I would like to know if there is any way to modify the default value of allowed headers per request/response to match our application environment?

    Thank you.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------


  • 2.  RE: Modified the default allowed number of headers per request/response?

    Posted 08-25-2022 06:34
    Hello Ken,

    Thank you for the post, yes you are correct we have default values for these parameters,

    Too Many Headers per Request : Allowed Number of Requests: default - 25.

    Too Many Headers per Response : Allowed Number of Responses: default - 20

    Defaults: Disabled; Severity - Low; Action - None.

    These are default values however you can go ahead and change these values as per your requirement, to make the changes you can navigate to Main > Policies > Http protocol policy,



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------