LogoLogo
  • ShieldsGuard - User Guide
  • Installation Steps
    • Shields Guard Installation
    • Shields Guard SEG Installation
  • Getting Started
    • 1. General Welcome and Site Management Panel
    • 2. Overview
      • 2.1 Today's Data
      • 2.2 Country Statistics
      • 2.3 URL Statistics
      • 2.4 IP Statistics
      • 2.5 HTTP Status Statistics
    • 3. Protection
      • 3.1 DDoS Protection
        • 3.1.1 Google Recaptcha Setup
        • 3.1.2 Friendly Captcha Setup
      • 3.2 WAF – Web Application Firewall
    • 4. Security Rules
      • 4.1 BlackList & WhiteList
      • 4.2 User Agent Filtering
      • 4.3 Query String Filtering
      • 4.4 HTTP Header Filtering
      • 4.5 Block POST Values
      • 4.6 Custom Headers
      • 4.7 Block URL Requests
      • 4.8 URL Path Blocking
      • 4.9 Encrypt Path
      • 4.10 Remove Request Value
      • 4.11 Exclude Directories from Protection
    • 5. Logs
      • 5.1 Access Log
      • 5.2 Security Log
    • 6. Asset Management
      • 6.1 Asset Management
      • 6.2 Network Topology
      • 6.3 Vulnerability Scan
    • 7. Access
  • 8. DNS
  • 9. SSL
  • 10. Subdomain Manage
  • 11. Edit Page
  • ShieldsGuard SEG
    • 1. SEG Dashboard
    • 2. Reporting
    • 3. Analyzed
      • 3.1 Files
      • 3.2 URL
      • 3.3 Mail
      • 3.4 Domain
    • 4. Mail Settings
      • 4.1 File
      • 4.2 Mail Body
      • 4.3 Sender Domain
Powered by GitBook
On this page
Export as PDF
  1. Getting Started
  2. 4. Security Rules

4.7 Block URL Requests

📘 Overview

The Block Request module allows you to block HTTP requests based on specific key-value matches found in either query strings (GET) or form data (POST). This helps prevent suspicious or unwanted data from reaching your application.

🛠️ How It Works

You define two simple parameters:

  • Request Key Value – The name of the request parameter to monitor (e.g., search, token, redirect)

  • Request Content – The exact value that should be blocked (e.g., SELECT, javascript:, admin)

If the system detects a request with that key and matching value, it blocks the request immediately.

⚙️ How to Add a Blocking Rule

  1. Go to Security Rules > Block URL Request Parameters

  2. Click Block Request

  3. Fill in:

    • Enter Request Key Value: the parameter name to inspect

    • Enter Request Content: the value to block

  4. Click Block

  5. The rule is now active and will block matching requests

📋 Example Use Cases

  • Block search=SELECT to prevent SQL Injection attempts

  • Block redirect=javascript: to mitigate Open Redirects

  • Block token=admin123 to prevent brute-force token usage

🔐 Why It Matters

By inspecting incoming request parameters, this feature allows early detection of payload-based attacks. It helps reduce exposure to:

  • SQL Injection (SQLi)

  • Cross-Site Scripting (XSS)

  • Command Injection

  • Open Redirects

🎯 Blocking malicious key-value combinations at the request level helps neutralize attacks before they reach your backend systems.

Previous4.6 Custom HeadersNext4.8 URL Path Blocking

Last updated 9 days ago