4.7 Block URL Requests

📘 Overview

The Block Request module allows you to block HTTP requests based on specific key-value matches found in either query strings (GET) or form data (POST). This helps prevent suspicious or unwanted data from reaching your application.


🛠️ How It Works

You define two simple parameters:

  • Request Key Value – The name of the request parameter to monitor (e.g., search, token, redirect)

  • Request Content – The exact value that should be blocked (e.g., SELECT, javascript:, admin)

If the system detects a request with that key and matching value, it blocks the request immediately.


⚙️ How to Add a Blocking Rule

  1. Go to Security Rules > Block URL Request Parameters

  2. Click Block Request

  3. Fill in:

    • Enter Request Key Value: the parameter name to inspect

    • Enter Request Content: the value to block

  4. Click Block

  5. The rule is now active and will block matching requests


📋 Example Use Cases

  • Block search=SELECT to prevent SQL Injection attempts

  • Block redirect=javascript: to mitigate Open Redirects

  • Block token=admin123 to prevent brute-force token usage
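A minimal model of the key-value check described above, run with the three example rules. This is an added illustration, not the product's own code. It assumes an exact, case-sensitive comparison on URL-decoded values, and the names `RULES`, `request_params` and `matching_rule` are hypothetical.

```python
from urllib.parse import parse_qsl, urlsplit

# Rules from the use cases above: (Request Key Value, Request Content).
RULES = [("search", "SELECT"), ("redirect", "javascript:"), ("token", "admin123")]


def request_params(method, url, body=""):
    """Return decoded (key, value) pairs from the query string, plus the
    form body for POST requests (application/x-www-form-urlencoded)."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if method.upper() == "POST":
        pairs += parse_qsl(body, keep_blank_values=True)
    return pairs


def matching_rule(method, url, body="", rules=RULES):
    """Return the first rule whose key and value both equal a request
    parameter exactly, or None if the request would be allowed."""
    for key, value in request_params(method, url, body):
        for rule in rules:
            if (key, value) == rule:
                return rule
    return None


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", "/products?search=SELECT", ""),
    ("GET", "/products?search=laptop", ""),
    ("GET", "/go?redirect=javascript%3A", ""),       # percent-encoded colon
    ("POST", "/login", "user=bob&token=admin123"),   # value in form data
    ("GET", "/products?search=SELECTED", ""),        # not equal to the rule value
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        rule = matching_rule(method, url, body)
        verdict = f"BLOCK by {rule[0]}={rule[1]}" if rule else "allow"
        print(f"{method:4} {url} {body!r:28} -> {verdict}")
```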


🔐 Why It Matters

By inspecting incoming request parameters, this feature allows early detection of payload-based attacks. It helps reduce exposure to:

  • SQL Injection (SQLi)

  • Cross-Site Scripting (XSS)

  • Command Injection

  • Open Redirects


🎯 Blocking malicious key-value combinations at the request level helps neutralize attacks before they reach your backend systems.
