ParameterValidationFilter
The filter ParameterValidationFilter checks parameters from the query and the body.
ch::nevis::nevisproxy::filter::validation::ParameterValidationFilter
libValidationFilters.so.1
+NEEDS_PARAMS
Configuration
ParameterRules
Type: Newline-separated list of rules
Syntax: [RuleID:<rulename>:]<name-regexp>:<value-regexp>:<action>[:<logmode>][:<status-code>]
Usage Constraints: required, conditional
Supported pragmas: break, continue (default)
Defines the rules to apply to form parameters or query parameters, in order to block or pass the request.
<rulename>
: The name of this rule.<name-regexp>
: The regular expression for the name.<value-regexp>
: The regular expression for the value.<action>
:- allow: If the name/value matches the
<name-regexp>/<value-regexp>
, the request is allowed (unless another rule blocks it). - required: If no name/value matches the
<name-regexp>/<value-regexp>
, the request is blocked (except when the parameter BlockOnError is set to "off" or "log"). - deny: If the name/value matches the
<name-regexp>/<value-regexp>
, the request is blocked (except when the parameter BlockOnError is set to "off" or "log").
- allow: If the name/value matches the
<logmode>
:- log: If you select this log mode, the system will trace an error in case the actions "deny" or "required" occur. This is the default log mode for these actions.
- silent: If you select this log mode, the system will trace an info if the actions "deny" or "required" occur. In case of an occurrence of the action "allowed", the system traces a debug message. The "silent" log mode is the default log mode for the action "allowed".
<status-code>
: The status code (StatusCode) to return if the request is blocked.
You can only use one rule at a time per parameter. The other rules are then silently dropped. If a parameter matches no rule, the parameter will be allowed silently.
BlockOnError
Type: enum
Possible values: on, off, log
Usage Constraints: optional, basic, conditional
Supported pragmas: break
Default: on
List of conditions defining for which requests the system must perform parameter validation.
The following example ensures that all requests with Content-Type header = application/x-www-form-urlencoded
contain valid parameters as per the configured constraints. No other requests will be processed.
Condition:HEADER:Content-Type: application/x-www-form-urlencoded
on
off