HTTP Request Body Inspection for Web Application Firewall
Manage HTTP Request Body Inspection in Web Application Firewall.
HTTP request body inspection instructs the web application firewall policy to buffer the request body in memory and inspect it before sending the request headers and the buffered request body to the backend. If HTTP request body inspection does not occur, the request body is always streamed to the backends (assuming the request headers have not triggered any protection rules).
You can enable the HTTP request body inspection feature when you add your request protection rule, or update an existing protection rule to include it. Only those protection capabilities that have body inspection conditions can use this feature.
You can configure the body inspection settings by accessing the View and Edit Rules Settings dialog box through the process of editing of the protection rule. See Editing a Request Protection Rule for more information. In the View and Edit Rules Settings dialog box, specify how many bytes in each request body are to be inspected in the Maximum Number of Bytes Allowed field. The inspection amount ranges from 0 to 8192 bytes. The initial number of bytes you specify here are inspected for each request body. If the number of message bytes exceeds the limit you set, you can select a resulting action from the Action taken if limit has been exceeded list. The pre-defined actions are:
-
Inspect Partial Body and Continue: The body is inspected to the specified size limit. No further action is taken if that limit is exceeded. This selection is equal to the "None" selection.
-
Preconfigured 401 Response Code Action: This is a dynamic action. Each time you can define a different set of actions, but they all are going to be with the "Return HTTP Response" type.
You can also create a custom action. See Actions for more information.
A request protection rule using body inspection is indicated as being Enabled in the Request Protections Rules list under the Body Inspection column.
Enabling this feature can result in latency of message traffic because of the additional time required to inspect the message body.