Skip to main content
Version: 7.2402.x.x RR

ParameterValidationFilter

The filter ParameterValidationFilter checks parameters from the query and the body.

Classname
ch::nevis::nevisproxy::filter::validation::ParameterValidationFilter
Library
libValidationFilters.so.1

Configuration

ParameterRules

  • Type: Newline-separated list of rules
  • Usage Constraints: required, conditional
  • Supported pragmas: break, continue (default)

Defines the rules to apply to form parameters or query parameters, in order to block or pass the request.

A parameter rule has the following format:

[RuleID:<rulename>:]<name-regexp>:<value-regexp>:<action>[:<logmode>][:<status-code>]
  • <rulename>: The name of this rule.
  • <name-regexp>: The regular expression for the name.
  • <value-regexp>: The regular expression for the value.
  • <action>:
    • allow: If the name/value matches the <name-regexp>/<value-regexp>, the request is allowed (unless another rule blocks it).
    • required: If no name/value matches the <name-regexp>/<value-regexp>, the request is blocked (except when the parameter BlockOnError is set to "off" or "log").
    • deny: If the name/value matches the <name-regexp>/<value-regexp>, the request is blocked (except when the parameter BlockOnError is set to "off" or "log").
  • <logmode>:
    • log: If you select this log mode, the system will trace an error in case the actions "deny" or "required" occur. This is the default log mode for these actions.
    • silent: If you select this log mode, the system will trace an info if the actions "deny" or "required" occur. In case of an occurrence of the action "allowed", the system traces a debug message. The "silent" log mode is the default log mode for the action "allowed".
  • <status-code>: The status code (StatusCode) to return if the request is blocked.

You can only use one rule at a time per parameter. The other rules are then silently dropped. If a parameter matches no rule, the parameter will be allowed silently.

BlockOnError

  • Type: enum (on|off|log)
  • Usage Constraints: optional, basic, conditional
  • Supported pragmas: break
  • Default: on

List of conditions defining for which requests the system must perform parameter validation. The following example ensures that all requests with Content-Type header = application/x-www-form-urlencoded contain valid parameters as per the configured constraints. No other requests will be processed.

Sample:
Condition:HEADER:Content-Type: application/x-www-form-urlencoded
on
off