Section – HTTP Parameter Pollution Detection - Mixed Types
This feature prevents HTTP parameter pollution attempts using duplicate parameters with the same name but different types. Parameter names are treated case-insensitively. The following parameter types are distinguished:
- Query parameters
- Path parameters.
- A path segment is interpreted as a parameter if it matches the pattern
name=value;.
- A path segment is interpreted as a parameter if it matches the pattern
- Additional query parameters for encrypted URLs.
- POST parameter
GUI | Description |
|---|---|
Block duplicate parameters | If enabled, requests are blocked when the same parameter name is used across different parameter types — e.g., a request is blocked if the parameter |
Log only | If enabled, threat handling for duplicate parameters is set to log only instead of blocking. |
Parameter name exception pattern | Use the exception pattern to exclude parameters from the parameter pollution detection. |
