# 4.7 Block URL Requests

#### 📘 Overview

The **Block Request** module allows you to block HTTP requests based on specific key-value matches found in either query strings (GET) or form data (POST).\
This helps prevent suspicious or unwanted data from reaching your application.

***

#### 🛠️ How It Works

You define two simple parameters:

* **Request Key Value** – The name of the request parameter to monitor (e.g., `search`, `token`, `redirect`)
* **Request Content** – The exact value that should be blocked (e.g., `SELECT`, `javascript:`, `admin`)

If the system detects a request with that key and matching value, it blocks the request immediately.

***

#### ⚙️ How to Add a Blocking Rule

1. Go to **Security Rules > Block URL Request Parameters**
2. Click **Block Request**
3. Fill in:
   * `Enter Request Key Value`: the parameter name to inspect
   * `Enter Request Content`: the value to block
4. Click **Block**
5. The rule is now active and will block matching requests

<figure><img src="https://1888569782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fj6f1XtdOtNUZVCRH9J44%2Fuploads%2FO7ZyMOBPfj5VkxaPeVfL%2Fimage.png?alt=media&#x26;token=44edd9c7-fb2e-4553-812d-196371d20ecc" alt=""><figcaption></figcaption></figure>

***

#### 📋 Example Use Cases

* Block `search=SELECT` to prevent SQL Injection attempts
* Block `redirect=javascript:` to mitigate Open Redirects
* Block `token=admin123` to prevent brute-force token usage

***

#### 🔐 Why It Matters

By inspecting incoming request parameters, this feature allows early detection of payload-based attacks.\
It helps reduce exposure to:

* SQL Injection (SQLi)
* Cross-Site Scripting (XSS)
* Command Injection
* Open Redirects

***

🎯 **Blocking malicious key-value combinations at the request level helps neutralize attacks before they reach your backend systems.**