.. _waf_template_http_protocol_check:

waf template http-protocol-check
================================

HTTP protocol compliance check


http-protocol-check Specification
---------------------------------

	===================================== ================================================================================
	 **Parameter**                         **Value** 

	===================================== ================================================================================
	 **Type**                              *Configuration Resource*

	 **Element Name**                      http-protocol-check

	 **Element URI**                       /axapi/v3/waf/template/{name}/http-protocol-check

	 **Element Attributes**                http-protocol-check_attributes

	 **Partition Visibility**              shared

	 **Schema**                             :download:`http-protocol-check schema <waf-template-http-protocol-check/waf-template-http-protocol-check.txt>`
	===================================== ================================================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/http-protocol-check



.. raw:: html

   </td><td valign = 'top'>


:ref:`3281_http-protocol-check_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/http-protocol-check



.. raw:: html

   </td><td valign = 'top'>


:ref:`3281_http-protocol-check_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/http-protocol-check



.. raw:: html

   </td><td valign = 'top'>


:ref:`3281_http-protocol-check_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/http-protocol-check



.. raw:: html

   </td><td valign = 'top'>


:ref:`3281_http-protocol-check_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/http-protocol-check



.. raw:: html

   </td><td valign = 'top'>


:ref:`3281_http-protocol-check_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   </table>

.. _3281_http-protocol-check_attributes:

http-protocol-check attributes
------------------------------

    **allowed-headers**

        **Description** Enable allowed-headers check (default disabled)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **allowed-headers-list**

        **Description** Allowed HTTP headers. Default "Host Referer User-Agent Accept Accept-Encoding ..." (see docs for full list) (Allowed HTTP headers (default "Host Referer User-Agent Accept Accept-Encoding ..." (see docs for full list)))

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 1023 characters

        **Maximum Length:** 1 characters

        **Default:** Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length

    **allowed-methods**

        **Description** Enable allowed-methods check (default disabled)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **allowed-methods-list**

        **Description** List of allowed HTTP methods. Default is "GET POST". (List of HTTP methods allowed (default "GET POST"))

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 1023 characters

        **Maximum Length:** 1 characters

        **Default:** GET POST

    **allowed-versions**

        **Description** Enable allowed-versions check (default disabled)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **allowed-versions-list**

        **Description** List of allowed HTTP versions (default "1.0 1.1 2")

        **Type:** string

        **Format:** enum-list

        **Default:** 1.0,1.1,2

    **bad-multipart-request**

        **Description** Check for bad multipart/form-data request body

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **body-without-content-type**

        **Description** Check for Body request without Content-Type header in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **disable**

        **Description** Disable all checks for HTTP protocol compliance

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **get-with-content**

        **Description** Check for GET request with Content-Length headers in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **head-with-content**

        **Description** Check for HEAD request with Content-Length headers in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **host-header-with-ip**

        **Description** Check for Host header with IP address

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **invalid-url-encoding**

        **Description** Check for invalid URL encoding in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **malformed-content-length**

        **Description** Check for malformed content-length in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **malformed-header**

        **Description** Check for malformed HTTP header

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **malformed-parameter**

        **Description** Check for malformed HTTP query/POST parameter

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **malformed-request**

        **Description** Check for malformed HTTP request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **malformed-request-line**

        **Description** Check for malformed HTTP request line

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **missing-header-value**

        **Description** Check for missing header value in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **missing-host-header**

        **Description** Check for missing Host header in HTTP/1.1 request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **multiple-content-length**

        **Description** Check for multiple Content-Length headers in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **non-ssl-cookie-prefix**

        **Description** Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **post-with-0-content**

        **Description** Check for POST request with Content-Length 0

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **post-without-content**

        **Description** Check for POST request without Content-Length/Chunked Encoding headers in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **post-without-content-type**

        **Description** Check for POST request without Content-Type header in request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters