(default) HTTP Response Splitting
Deny Rule Group – (default) HTTP Response Splitting

HRS

  • Prevents HTTP response splitting by blocking injection of an HTML response body or response header.

Included Deny Rules

Rule name
Legacy
Basic
Standard
Strict
(default 05) HTTP response splitting rule
Icon - ON
(default HPE_001a) Response header injection in parameter value
Icon - ON
(default HPE_005a) Critical response header injection in parameter value
Icon - ON
Icon - ON
(default HPE_010a) Response body injection in parameter value
Icon - ON
(default HPE_015a) Critical response body injection in parameter value
Icon - ON
Icon - ON