Netskope Help

HTTP Header Profile

HTTP headers are used in Real-time Protection policies to match against various fields in the HTTP Request and Response headers. Currently, while configuring a Real-time Protection policy, the list of available attributes is based on the traits of the source web-client (User, OS, Browser) and the destination web-domain (App, Activity, Category).

Admins can create many combinations of these policy attributes to enforce their security compliance objectives. The HTTP header profile expands the policy framework with an option to specify and evaluate HTTP headers during real-time processing of web traffic. This provides more granular control by making available the option to include HTTP header parameters along with the other existing parameters.

Once an HTTP header profile is created, you can select it from a Real-time Protection policy.

  1. To create an HTTP header profile, navigate to Policies > Profiles section > HTTP Header.

  2. Click the NewHTTPheaderProfile.png button. The Create HTTP Header Profile page opens.

  3. Enter a name for the HTTP Header profile.

  4. Use the Request and Response tabs to specify HTTP Header fields that you want to match against. All the header fields are "AND"ed together, and all the values in a single header field are "OR"ed together.

    Tip

    Wildcards and substrings are not supported at this time; matching is exact only.

  5. Click the More Request Fields dropdown to add more fields to the Request tab. The default Request fields are Method and Host.

  6. Click the More Response Fields dropdown to add more fields to the Response tab. The default Response field is Content-Type but you can also add Content-Encoding.

  7. Click Save to add the HTTP Header profile to the Profiles list.

  8. Optionally, from the list page, you can 'Sort by:' the profile name.

  9. From the list page, click the ellipses at the end of the profile name to edit or delete an HTTP Header profile.

  10. From the list page, you can select the checkbox to the left of the profile name(s) to bulk delete profiles.

The following table lists and describes the fields available in the Request and Response tabs when creating a new HTTP Header profile.

| FIELD | ATTRIBUTE TYPE | VALUE EXAMPLE |
|---|---|---|
| Accept-Encoding | String Arbiter (exact match), case-insensitive | gzip; deflate |
| Host | String Arbiter (exact match), case-insensitive | en.wikipedia.org:8080; en.wikipedia.org |
| Referer | String Arbiter (exact match), case-insensitive | netskope.com |
| Method | String Arbiter (exact match), case-insensitive | netskope.com |
| Content-Encoding | String Arbiter (exact match), case-insensitive | gzip |
| Content-Type | String Arbiter (exact match), case-insensitive | application/x-www-form-urlencoded |
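
The matching rules from step 4 and the table (fields ANDed, values within a field ORed, case-insensitive exact match) can be modelled as follows. This is an added example, not Netskope code: the function names, the sample profile and the sample requests are constructed, and it assumes that a field absent from the message fails that field.

```python
# Model of the documented HTTP Header profile semantics (illustrative only).

def evaluate(profile, headers):
    """Return {field: bool} so a non-match can be traced to a single field.

    profile: {field name: [allowed values]} as entered on one tab.
    headers: {field name: value} observed in one request or response.
    """
    # Field names and values are compared case-insensitively.
    observed = {name.lower(): value.strip().lower() for name, value in headers.items()}
    results = {}
    for field, allowed in profile.items():
        actual = observed.get(field.lower())
        wanted = {value.strip().lower() for value in allowed}
        # Values within one field are ORed; the comparison is the whole string,
        # so no wildcard or substring can match.
        # Assumption: a field missing from the message does not match.
        results[field] = actual is not None and actual in wanted
    return results


def profile_matches(profile, headers):
    """All fields in the profile are ANDed together."""
    return all(evaluate(profile, headers).values())


# Constructed sample profile using the default Request fields (Method, Host).
PROFILE = {
    "Method": ["POST", "PUT"],
    "Host": ["en.wikipedia.org", "en.wikipedia.org:8080"],
}

# Constructed sample requests and the reason each one does or does not match.
SAMPLES = [
    ({"Method": "post", "Host": "EN.Wikipedia.org"}, "case differs only"),
    ({"Method": "POST", "Host": "en.wikipedia.org:8443"}, "port not listed"),
    ({"Method": "GET", "Host": "en.wikipedia.org"}, "one field fails the AND"),
    ({"Method": "POST", "Host": "m.en.wikipedia.org"}, "subdomain is not an exact match"),
]

if __name__ == "__main__":
    for headers, note in SAMPLES:
        print(profile_matches(PROFILE, headers), evaluate(PROFILE, headers), note)
```

Because matching is exact, every Host form that clients actually send (with and without a port, each subdomain) has to be listed as its own value for the profile to cover it.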

You can add any HTTP Header profile to a Real-time Protection policy. Navigate to Policies > Real-time Protection policies list page.

HTTP Header profiles encapsulate different fields of an HTTP Header. Click in the HTTP Header field to add from the list.

If you do not have any existing profiles, you can create one directly from the policy creation page. Click the gear icon to open the HTTP Header Profiles list page in a separate tab.

See the Real-time Protection Policies topic for additional information on creating policies.