4.5 Block POST Values

📘 Overview

The Block POST Values module allows you to block incoming HTTP POST requests based on specific field names and values in the request body. This helps stop malicious or unwanted content before it reaches your backend.

🛠️ How It Works

You define two things:

  • POST Key: The name of the POST parameter you want to inspect (e.g., message, username, comment, bio)

  • POST Content: The exact value to block within that field

If a match is found, the request is immediately blocked at the edge.

⚙️ How to Add a Block Rule

  1. Go to Security Rules > Block POST Values

  2. Click Add New Rule

  3. Enter:

    • Enter Post Key: the POST parameter to monitor

    • Enter Post Content: the value that should trigger blocking

  4. Click Block

  5. The rule is enforced instantly

📋 Example Use Case

  • Block POSTs where the field comment contains the value buy now

  • Block username field if it contains admin (to prevent impersonation)

🔐 Why This Matters

Blocking harmful content at the POST layer helps prevent:

  • Spam submissions in contact forms or comments

  • Basic SQL injection or XSS payloads

  • Unwanted automated POSTs or abuse attempts

This feature acts as a first line of defense.

🎯 POST Value Blocking is a fast and simple way to filter out known bad inputs before they can do harm.

Previous4.4 HTTP Header FilteringNext4.6 Custom Headers

Last updated