Deny Rule Group – (default) HTTP Response Splitting

HRS

  • Prevents HTTP response splitting by blocking injection of an HTML response body or response header.

Included Deny Rules

Rule name

Basic

Standard

Strict

(default 05) HTTP response splitting rule

(default HPE_001a) Response header injection in parameter value

Icon - ON

(default HPE_005a) Critical response header injection in parameter value

Icon - ON

Icon - ON

(default HPE_010a) Response body injection in parameter value

Icon - ON

(default HPE_015a) Critical response body injection in parameter value

Icon - ON

Icon - ON