Skip to main content

Netskope Help

HTTP Header Profile

HTTP headers are used in Real-time Protection policies to match against various fields in the HTTP Request and Response headers. Currently, while configuring a Real-time Protection policy, the list of available attributes are based on the traits of the source web-client (User, OS, Browser) and the destination web-domain (App, Activity, Category).

You can create many combinations of these policy attributes to enforce their security compliance objectives. The HTTP header profile expands the policy framework with an option to specify and evaluate HTTP headers during real-time processing of web traffic. This provides more granular control by making available the option to include HTTP header parameters along with the other existing parameters.

Once an HTTP header profile is created, you can select it from a Real-time Protection policy.

Creating HTTP Header Profiles

  1. To create an HTTP header profile, navigate to Policies > HTTP Header.

  2. Click the NewHTTPheaderProfile.png button. The New HTTP Header Profile page opens.

  3. Enter a Name for the HTTP Header profile.

  4. Use the RequestResponseTabs.png tabs to specify HTTP Header fields that you want to match against. All the header fields are "AND"ed together, and all the values in a single header field are "OR"ed together.

    Tip

    No wildcard or substring support at this time, exact match only.

    The following table lists and describes examples of the fields available in the Request and Response tabs when creating a new HTTP Header profile.

    FIELD

    ATTRIBUTE TYPE

    VALUE EXAMPLE

    Accept-Encoding

    String Arbiter (exact match)

    Case-insensitive

    gzip

    deflate

    Host

    String Arbiter (exact match)

    Case-insensitive

    en.wikipedia.org:8080

    en.wikipedia.org

    Referer

    String Arbiter (exact match)

    Case-insensitive

    http://en.wikipedia.org/wiki/Main_Page

    Method

    String Arbiter (exact match)

    Case-insensitive

    get

    post

    put

    Content-Encoding

    String Arbiter (exact match)

    Case-insensitive

    gzip

    Content-Type

    String Arbiter (exact match)

    Case-insensitive

    application/x-www-form-urlencoded

    Origin

    String

    https://www.google.com

    Upgrade

    String Arbiter (exact match)

    Case-insensitive

    Example 1 Upgrade: websocket

    Example 2 Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11

    In the Request tab, the default Request fields are Method and Host. Click the Add Request Fields dropdown to add more fields.

    HTTP-Header-Profile-Add-Request-Fields.png

    In the Response tab, the default Response field is Content-Type. Click the Add Response Fields dropdown to add more fields.

    HTTP-Header-Profile-Add-Response-Fields.png

    For certain header fields, you can click + Add to add more attributes to the field.

    HTTP-Header-Profile-Add-More-Attributes.png
  5. You can create custom HTTP header fields for your profile, which also allows you to create additional standard HTTP header fields.

    Note

    This feature is in Controlled GA. If you want to enable this feature in your tenant, contact your sales team.

    Once the extended HTTP headers feature is enabled and you create new fields, this feature can't be downgraded. All existing HTTP header profiles that you created prior to upgrading will be migrated and continue to work.

    To add a custom header field:

    1. Click Custom from the Add Request Fields or Add Response Fields dropdown. The new custom header field appears.

      Custom-HTTP-Header-Field.png
    2. Enter a new name for the header field. The name must be unique and different from the existing default header fields.

    3. Select an attribute from the dropdown and enter a value for the custom field. You can configure the following attributes for the field:

      • Regex: Enter the regular expressions you want to match against.

      • Exact Match: Enter the values you want to match against, separated by commas.

      • Numerical: Select an operator and enter the numerical values you want to match against.

    4. Click + Add to add more attributes for the field. You can configure Regex and Exact Match attributes together for your field. However, you can’t add Numerical attributes together with Regex or Exact Match attributes.

      Example-Custom-HTTP-Header-Field.png
  6. You can use HTTP header profiles to block WebDAV traffic. Netskope recommends blocking all WebDAV HTTP methods and headers in your policy.

    Note

    To ensure that WebDAV traffic reaches the Netskope cloud, you must uncheck the Perform SNI (Server Name Indication) check option for the Client Configuration. If this option is checked, traffic will be bypassed at the client.

    To block WebDAV traffic:

    1. On the New HTTP Header Profile page, go to the Request tab.

    2. In the Method field, select the methods defined in the WebDAV extension. Available WebDAV HTTP methods include: move, copy, mkcol, propfind, proppatch, lock, and unlock.

      HTTP-Header-Profile-Add-WebDAV-Methods.png
    3. (Optional) You can select additional header fields to block WebDAV traffic. Click Add Request Fields and Add Response Fields to select and configure the WebDAV headers. Keep in mind that all the header fields are "AND"ed together, and all the values in a single header field are "OR"ed together. Available WebDAV headers include: DAV, Depth, Destination, If, Lock-Token, and Overwrite.

      WebDAV-HTTP-Headers.png
  7. Click Save to add the HTTP Header profile to the Profiles list.

Using the HTTP Header Page

HTTP-Header-List-Page.png

From the HTTP Header list page:

  • (Optional) You can sort your HTTP Header profiles by profile names.

HTTP-Header-Sort-by.png
  • Click the ellipses at the end of the profile name to edit or delete an HTTP Header profile.

HTTP-Header-Profile-Edit-Delete.png
  • You can select the checkbox to the left of the profile names to bulk delete profiles.

HTTP-Header-Profile-Bulk-Delete.png

Adding HTTP Header Profiles to Real-time Protection Policies

You can add any HTTP Header profile to a Real-time Protection policy. Navigate to the Real-time Protection policies list page.

Real-Time-Protection-HTTP-Header.png

HTTP Header profiles encapsulate different fields of an HTTP Header. Click in the HTTP Header field to add from the list.

If you do not have any existing profiles, you can create one directly from the policy creation page. Click the gear icon to open the HTTP Header Profiles list page in a separate tab.

Real-Time-Protection-HTTP-Header-Gear.png

See the Real-time Protection Policies topic for additional information creating policies.