HTTP Header Profile

HTTP Header Profile

HTTP headers are used in Real-time Protection policies to match against various fields in the HTTP Request and Response headers. Currently, while configuring a Real-time Protection policy, the list of available attributes are based on the traits of the source web-client (User, OS, Browser) and the destination web-domain (App, Activity, Category).

You can create many combinations of these policy attributes to enforce their security compliance objectives. The HTTP header profile expands the policy framework with an option to specify and evaluate HTTP headers during real-time processing of web traffic. This provides more granular control by making available the option to include HTTP header parameters along with the other existing parameters.

Once an HTTP header profile is created, you can select it from a Real-time Protection policy.

Creating HTTP Header Profiles

  1. To create an HTTP header profile, navigate to Policies > HTTP Header.
  2. Click the NewHTTPheaderProfile.png button. The New HTTP Header Profile page opens.
  3. Enter a Name for the HTTP Header profile.
  4. Use the RequestResponseTabs.png tabs to specify HTTP Header fields that you want to match against. All the header fields are “AND”ed together, and all the values in a single header field are “OR”ed together.

    Tip

    No wildcard or substring support at this time, exact match only.

    The following table lists and describes some examples of the fields available in the Request and Response tabs when creating a new HTTP Header profile. For a full list of available fields, see the Netskope UI.

    FieldAttribute TypeValue Example
    Accept-EncodingString Arbiter (exact match)
    Case-insensitive
    gzip
    deflate
    HostString Arbiter (exact match)
    Case-insensitive
    en.wikipedia.org:8080
    en.wikipedia.org
    RefererString Arbiter (exact match)
    Case-insensitive
    http://en.wikipedia.org/wiki/Main_Page
    MethodString Arbiter (exact match)
    Case-insensitive
    get
    post
    put
    Content-EncodingString Arbiter (exact match)
    Case-insensitive
    gzip
    Content-TypeString Arbiter (exact match)
    Case-insensitive
    application/x-www-form-urlencoded
    OriginStringhttps://www.google.com
    UpgradeString Arbiter (exact match)
    Case-insensitive
    Example 1 Upgrade: websocket

    Example 2 Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11

    In the Request tab, the default Request fields are Method and Host. Click the Add Request Fields dropdown to add more fields.

    HTTP-Header-Profile-Add-Request-Fields.png

    In the Response tab, the default Response field is Content-Type. Click the Add Response Fields dropdown to add more fields.

    HTTP-Header-Profile-Add-Response-Fields.png

    For certain header fields, you can click + Add to add more attributes to the field.

    HTTP-Header-Profile-Add-More-Attributes.png
  5. You can create custom HTTP header fields for your profile, which also allows you to create additional standard HTTP header fields.

    Note

    Once the extended HTTP headers feature is enabled and you create new fields, this feature can’t be downgraded. All existing HTTP header profiles that you created prior to upgrading will be migrated and continue to work.

    To add a custom header field:

    1. Click Custom from the Add Request Fields or Add Response Fields dropdown. The new custom header field appears.
      Custom-HTTP-Header-Field.png
    2. Enter a new name for the header field. The name must be unique and different from the existing default header fields.
    3. Select an attribute from the dropdown and enter a value for the custom field. You can configure the following attributes for the field:
      • Regex: Enter the regular expressions you want to match against.
      • Exact Match: Enter the values you want to match against, separated by commas.
      • Numerical: Select an operator and enter the numerical values you want to match against.
    4. Click + Add to add more attributes for the field. You can configure Regex and Exact Match attributes together for your field. However, you can’t add Numerical attributes together with Regex or Exact Match attributes.
      Example-Custom-HTTP-Header-Field.png
  6. You can use HTTP header profiles to block WebDAV traffic. Netskope recommends blocking all WebDAV HTTP methods and headers in your policy.

    To block WebDAV traffic:

    1. On the New HTTP Header Profile page, go to the Request tab.
    2. In the Method field, select the methods defined in the WebDAV extension. Available WebDAV HTTP methods include: move, copy, mkcol, propfind, proppatch, lock, and unlock.
      HTTP-Header-Profile-Add-WebDAV-Methods.png
    3. (Optional) You can select additional header fields to block WebDAV traffic. Click Add Request Fields and Add Response Fields to select and configure the WebDAV headers. Keep in mind that all the header fields are “AND”ed together, and all the values in a single header field are “OR”ed together. Available WebDAV headers include: DAV, Depth, Destination, If, Lock-Token, and Overwrite.
      WebDAV-HTTP-Headers.png
  7. Click Save to add the HTTP Header profile to the Profiles list.

Using the HTTP Header Page

HTTP-Header-List-Page.png

From the HTTP Header list page:

  • (Optional) You can sort your HTTP Header profiles by profile names.
HTTP-Header-Sort-by.png
  • Click the ellipses at the end of the profile name to edit or delete an HTTP Header profile.
HTTP-Header-Profile-Edit-Delete.png
  • You can select the checkbox to the left of the profile names to bulk delete profiles.
HTTP-Header-Profile-Bulk-Delete.png

Adding HTTP Header Profiles to Real-time Protection Policies

You can add any HTTP Header profile to a Real-time Protection policy. Navigate to the Real-time Protection policies list page.

Real-Time-Protection-HTTP-Header.png

HTTP Header profiles encapsulate different fields of an HTTP Header. Click in the HTTP Header field to add from the list.

If you do not have any existing profiles, you can create one directly from the policy creation page. Click the gear icon to open the HTTP Header Profiles list page in a separate tab.

Real-Time-Protection-HTTP-Header-Gear.png

See the Real-time Protection Policies topic for additional information creating policies.

Share this Doc

HTTP Header Profile

Or copy link

In this topic ...