HTTP Service

The Hypertext Transfer Protocol (HTTP) is primarily used to transfer information from Web servers to Web clients. The security device compares actual HTTP traffic against maximum values that you set to describe normal HTTP traffic, and it considers any traffic exceeding those values to be anomalous.

To modify one or more of the following settings for HTTP, enter a new value in the Current column for the parameter you want to adjust, and then click Apply:

Maximum Request Length: Specifies the maximum number of bytes for an HTTP request, which includes information such as a network resource identifier, the method to apply to the resource, and the protocol version. Minimum: 1; maximum: 8192; default: 8192.

Maximum Header Length: Specifies the maximum number of bytes for an HTTP packet header. Minimum: 1; maximum: 8192; default: 8192.

Maximum Cookie Length: Specifies the maximum number of bytes in a cookie. Minimum: 1; maximum: 8192; default: 8192.

Note: Cookies that exceed the cookie length setting can match the protocol anomaly HTTP-HEADER-OVERFLOW and produce unnecessary log records. If the security device generates too many log records for this anomaly, increase the cookie length setting.

Maximum Content Type Length: Specifies the maximum number of bytes for an HTTP header Content Type field. This field specifies the media type of the data contained in the HTTP packet. Minimum: 1; maximum: 8192; default: 512.

Maximum User Agent Length: Specifies the maximum number of bytes for an HTTP header user-agent field, which contains information about the user agent that originated the request. Minimum: 1; maximum: 8192; default: 256.

Maximum Host Length: Specifies the maximum number of bytes for an HTTP header host field, which can be an Internet host domain name or IP address. Minimum: 1; maximum: 8192; default: 64.

Maximum Referer Length: Specifies the maximum number of bytes for the header referer field, which the client uses to specify the address URI (Uniform Resource Identifier). The URI is a formatted string that identifies a network resource by a characteristic such as a name or a location. Minimum: 1; maximum: 8192; default: 8192.

Maximum Number of Login Failures per Minute: Specifies the maximum number of failed login attempts per minute to an HTTP server from a single host. Minimum: 2; maximum: 100; default: 8.

Maximum Number of 301/403/404 or 405 Errors per Minute: Specifies the maximum number of HTTP errors per minute. If the security device detects more HTTP 301 (Moved Permanently), 403 (Forbidden), 404 (Not Found), and 405 (Method Not Allowed) errors than the specified maximum, the device considers it an anomalous event. Minimum: 2; maximum: 100; default: 16.

Use Alternate Ports as HTTP Service: Enables or disables the inspection of HTTP traffic on the default HTTP port of 80 as well as on the following ports: 7001, 8000, 8001, 8100, 8200, 8080, 8888, and 9080. A value of 0 disables HTTP traffic inspection on these alternative ports, and 1 enables it. By default, this is enabled.
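The following added example (not code from the device or its vendor) replays a captured request against the default length limits listed above, which helps when choosing values that will not flag legitimate traffic. The names check_request, DEFAULT_LIMITS and FIELD_SETTINGS are hypothetical, and the way each length is measured is an assumption, since this page does not define it byte for byte.

```python
# Default limits as listed on this page (bytes).
DEFAULT_LIMITS = {
    "Maximum Request Length": 8192,
    "Maximum Header Length": 8192,
    "Maximum Cookie Length": 8192,
    "Maximum Content Type Length": 512,
    "Maximum User Agent Length": 256,
    "Maximum Host Length": 64,
    "Maximum Referer Length": 8192,
}

# Header field name -> the setting that bounds its value.
FIELD_SETTINGS = {
    b"cookie": "Maximum Cookie Length",
    b"content-type": "Maximum Content Type Length",
    b"user-agent": "Maximum User Agent Length",
    b"host": "Maximum Host Length",
    b"referer": "Maximum Referer Length",
}


def check_request(raw: bytes, limits=DEFAULT_LIMITS):
    """Return sorted (setting, observed_bytes, limit) for each exceeded limit.

    Assumed measurement (not stated on the page): request length = request
    line; header length = header block; field lengths = stripped values.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, _, header_block = head.partition(b"\r\n")
    observed = {
        "Maximum Request Length": len(request_line),
        "Maximum Header Length": len(header_block),
    }
    for line in header_block.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        setting = FIELD_SETTINGS.get(name.strip().lower())
        if sep and setting:
            # Keep the longest value if a field repeats.
            observed[setting] = max(observed.get(setting, 0), len(value.strip()))
    return sorted((s, n, limits[s]) for s, n in observed.items() if n > limits[s])


# Constructed sample: a 70-byte Host value and a 300-byte User-Agent value.
SAMPLE = (b"GET /index.html HTTP/1.1\r\nHost: " + b"a" * 66 + b".com\r\n"
          b"User-Agent: " + b"U" * 300 + b"\r\nCookie: sid=abc123\r\n\r\n")

if __name__ == "__main__":
    for setting, seen, limit in check_request(SAMPLE):
        print(f"{setting}: {seen} bytes exceeds {limit}")
```

Under these assumptions a single oversized cookie exceeds both the cookie limit and the overall header limit, which is consistent with the note above about cookies matching HTTP-HEADER-OVERFLOW.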