Restrict Request Headers
A request header is an HTTP header that can be used in an HTTP request to provide information about the
request context, so that the server can tailor the response. For example, the Accept-* headers indicate the
allowed and preferred formats of the response.
Threat actors attempting to gain control of a website will typically inject code into a request header. If the
website is not protected, it may "dump" memory back in its reply, possibly giving the threat actor access to
active usernames and passwords.
When this feature is enabled, the SonicWall SMA 100 series allows nothing in the header except what is
expected, which prevents injection-type attacks on the web service.
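The allow-list idea described above, sketched as an added example (not SonicWall code and not the appliance's actual rule set): every header must be on an expected list and its value must fully match the expected format, otherwise the request is rejected. The header names, patterns, function name and sample requests are assumptions constructed for illustration.

```python
import re

# Assumed policy for illustration: header name -> pattern the value must fully match.
# These names and patterns are constructed, not the SMA 100 rule set.
EXPECTED_HEADERS = {
    "host": re.compile(r"[A-Za-z0-9.-]{1,253}(:\d{1,5})?"),
    "accept": re.compile(r"[A-Za-z0-9*/+.;=, -]{1,256}"),
    "accept-language": re.compile(r"[A-Za-z0-9*;=,. -]{1,128}"),
    "user-agent": re.compile(r"[\x20-\x7e]{1,256}"),
    "content-length": re.compile(r"\d{1,10}"),
}
SINGLETON = {"host", "content-length"}  # duplicates of these are ambiguous


def check_headers(headers):
    """Return a list of (header, reason) violations; an empty list means accept.

    `headers` is a list of (name, value) pairs as parsed from the request.
    """
    violations = []
    seen = set()
    for name, value in headers:
        # No whitespace trimming: a padded name such as "Host " is not an expected header.
        key = name.lower()
        pattern = EXPECTED_HEADERS.get(key)
        if pattern is None:
            violations.append((name, "header not on allow-list"))
        elif key in SINGLETON and key in seen:
            violations.append((name, "duplicate header"))
        elif not pattern.fullmatch(value):
            # fullmatch rejects CR/LF, NUL and any other character outside the class.
            violations.append((name, "value outside expected format"))
        seen.add(key)
    if "host" not in seen:
        violations.append(("Host", "required header missing"))
    return violations


# Constructed sample requests.
CLEAN = [("Host", "vpn.example.com"), ("Accept", "text/html, */*;q=0.8"),
         ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64)")]
SUSPECT = [("Host", "vpn.example.com"), ("X-Debug", "1"),
           ("Accept-Language", "en\r\nSet-Cookie: a=b"),
           ("Content-Length", "10"), ("Content-Length", "999")]

if __name__ == "__main__":
    print(check_headers(CLEAN))    # no violations
    print(check_headers(SUSPECT))  # three violations
```

Logging the returned reasons alongside the source address gives operations a record of which unexpected headers are being sent to the service.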
SonicWall SMA 100 Series
Security Best Practice Guide