Home > Configuration > Application Firewall > setappfwprofile_refererheadercheck

setappfwprofile_refererheadercheck

Use this method to set enable validation of Referer headers.
Referer validation ensures that a web form that a user sends to your web site originally came from your web site, not an outside attacker.
Although this parameter is part of the Start URL check, referer validation protects against cross-site request forgery (CSRF) attacks, not Start URL attacks.

Syntax



Parameters

name

Name of the profile that you want to modify.
This is mandatory parameter.

refererheadercheck

Enable validation of Referer headers. Referer validation ensures that a web form that a user sends to your web site originally came from your web site, not an outside attacker. Although this parameter is part of the Start URL check, referer validation protects against cross-site request forgery (CSRF) attacks, not Start URL attacks.
Default value = AS_HEADER_CHECK_OFF.
Possible Values : OFF, if_present, AlwaysExceptStartURLs, AlwaysExceptFirstRequest.

Return Value

Returns simpleResult

See Also

addappfwprofile

archiveappfwprofile

bindappfwprofile_blockkeyword

bindappfwprofile_bypasslist

bindappfwprofile_cmdinjection

bindappfwprofile_comment

bindappfwprofile_confidfield

bindappfwprofile_contenttype

bindappfwprofile_cookieconsistency

bindappfwprofile_creditcardnumber

bindappfwprofile_crosssitescripting

bindappfwprofile_csrftag

bindappfwprofile_denylist

bindappfwprofile_denyurl

bindappfwprofile_excluderescontenttype

bindappfwprofile_fakeaccount

bindappfwprofile_fieldconsistency

bindappfwprofile_fieldformat

bindappfwprofile_fileuploadtype

bindappfwprofile_grpcvalidation

bindappfwprofile_isautodeployed

bindappfwprofile_jsonblockkeyword

bindappfwprofile_jsoncmdurl

bindappfwprofile_jsondosurl

bindappfwprofile_jsonsqlurl

bindappfwprofile_jsonxssurl

bindappfwprofile_logexpression

bindappfwprofile_resourceid

bindappfwprofile_restvalidation

bindappfwprofile_ruletype

bindappfwprofile_safeobject

bindappfwprofile_sqlinjection

bindappfwprofile_starturl

bindappfwprofile_state

bindappfwprofile_trustedlearningclients

bindappfwprofile_xmlattachmenturl

bindappfwprofile_xmldosurl

bindappfwprofile_xmlsqlinjection

bindappfwprofile_xmlvalidationurl

bindappfwprofile_xmlwsiurl

bindappfwprofile_xmlxss

getappfwprofile

restoreappfwprofile

rmappfwprofile

setappfwprofile_addcookieflags

setappfwprofile_apispec

setappfwprofile_blockkeywordaction

setappfwprofile_bufferoverflowaction

setappfwprofile_bufferoverflowmaxcookielength

setappfwprofile_bufferoverflowmaxheaderlength

setappfwprofile_bufferoverflowmaxquerylength

setappfwprofile_bufferoverflowmaxtotalheaderlength

setappfwprofile_bufferoverflowmaxurllength

setappfwprofile_bypasslist

setappfwprofile_canonicalizehtmlresponse

setappfwprofile_ceflogging

setappfwprofile_checkrequestheaders

setappfwprofile_clientipexpression

setappfwprofile_cmdinjectionaction

setappfwprofile_cmdinjectiongrammar

setappfwprofile_cmdinjectiontype

setappfwprofile_comment

setappfwprofile_contenttypeaction

setappfwprofile_cookieconsistencyaction

setappfwprofile_cookieencryption

setappfwprofile_cookiehijackingaction

setappfwprofile_cookieproxying

setappfwprofile_cookiesamesiteattribute

setappfwprofile_cookietransforms

setappfwprofile_creditcard

setappfwprofile_creditcardaction

setappfwprofile_creditcardmaxallowed

setappfwprofile_creditcardxout

setappfwprofile_crosssitescriptingaction

setappfwprofile_crosssitescriptingcheckcompleteurls

setappfwprofile_crosssitescriptingtransformunsafehtml

setappfwprofile_csrftagaction

setappfwprofile_defaultcharset

setappfwprofile_defaultfieldformatmaxlength

setappfwprofile_defaultfieldformatmaxoccurrences

setappfwprofile_defaultfieldformatminlength

setappfwprofile_defaultfieldformattype

setappfwprofile_denylist

setappfwprofile_denyurlaction

setappfwprofile_dosecurecreditcardlogging

setappfwprofile_dynamiclearning

setappfwprofile_enableformtagging

setappfwprofile_errorurl

setappfwprofile_excludefileuploadfromchecks

setappfwprofile_exemptclosureurlsfromsecuritychecks

setappfwprofile_fakeaccountdetection

setappfwprofile_fieldconsistencyaction

setappfwprofile_fieldformataction

setappfwprofile_fieldscan

setappfwprofile_fieldscanlimit

setappfwprofile_fileuploadmaxnum

setappfwprofile_fileuploadtypesaction

setappfwprofile_geolocationlogging

setappfwprofile_grpcaction

setappfwprofile_htmlerrorobject

setappfwprofile_htmlerrorstatuscode

setappfwprofile_htmlerrorstatusmessage

setappfwprofile_infercontenttypexmlpayloadaction

setappfwprofile_insertcookiesamesiteattribute

setappfwprofile_inspectcontenttypes

setappfwprofile_inspectquerycontenttypes

setappfwprofile_invalidpercenthandling

setappfwprofile_jsonblockkeywordaction

setappfwprofile_jsoncmdinjectionaction

setappfwprofile_jsoncmdinjectiongrammar

setappfwprofile_jsoncmdinjectiontype

setappfwprofile_jsondosaction

setappfwprofile_jsonerrorobject

setappfwprofile_jsonerrorstatuscode

setappfwprofile_jsonerrorstatusmessage

setappfwprofile_jsonfieldscan

setappfwprofile_jsonfieldscanlimit

setappfwprofile_jsonmessagescan

setappfwprofile_jsonmessagescanlimit

setappfwprofile_jsonsqlinjectionaction

setappfwprofile_jsonsqlinjectiongrammar

setappfwprofile_jsonsqlinjectiontype

setappfwprofile_jsonxssaction

setappfwprofile_logeverypolicyhit

setappfwprofile_messagescan

setappfwprofile_messagescanlimit

setappfwprofile_messagescanlimitcontenttypes

setappfwprofile_multipleheaderaction

setappfwprofile_optimizepartialreqs

setappfwprofile_percentdecoderecursively

setappfwprofile_postbodylimit

setappfwprofile_postbodylimitaction

setappfwprofile_postbodylimitsignature

setappfwprofile_protofileobject

setappfwprofile_requestcontenttype

setappfwprofile_responsecontenttype

setappfwprofile_restaction

setappfwprofile_rfcprofile

setappfwprofile_semicolonfieldseparator

setappfwprofile_sessioncookie

setappfwprofile_sessionlessfieldconsistency

setappfwprofile_sessionlessurlclosure

setappfwprofile_signatures

setappfwprofile_sqlinjectionaction

setappfwprofile_sqlinjectionchecksqlwildchars

setappfwprofile_sqlinjectiongrammar

setappfwprofile_sqlinjectionparsecomments

setappfwprofile_sqlinjectionruletype

setappfwprofile_sqlinjectiontransformspecialchars

setappfwprofile_sqlinjectiontype

setappfwprofile_starturlaction

setappfwprofile_starturlclosure

setappfwprofile_streaming

setappfwprofile_striphtmlcomments

setappfwprofile_stripxmlcomments

setappfwprofile_trace

setappfwprofile_type

setappfwprofile_urldecoderequestcookies

setappfwprofile_usehtmlerrorobject

setappfwprofile_verboseloglevel

setappfwprofile_xmlattachmentaction

setappfwprofile_xmldosaction

setappfwprofile_xmlerrorobject

setappfwprofile_xmlerrorstatuscode

setappfwprofile_xmlerrorstatusmessage

setappfwprofile_xmlformataction

setappfwprofile_xmlsoapfaultaction

setappfwprofile_xmlsqlinjectionaction

setappfwprofile_xmlsqlinjectionchecksqlwildchars

setappfwprofile_xmlsqlinjectionparsecomments

setappfwprofile_xmlsqlinjectiontype

setappfwprofile_xmlvalidationaction

setappfwprofile_xmlwsiaction

setappfwprofile_xmlxssaction

statappfwprofile

unbindappfwprofile_blockkeyword

unbindappfwprofile_bypasslist

unbindappfwprofile_cmdinjection

unbindappfwprofile_confidfield

unbindappfwprofile_contenttype

unbindappfwprofile_cookieconsistency

unbindappfwprofile_creditcardnumber

unbindappfwprofile_crosssitescripting

unbindappfwprofile_csrftag

unbindappfwprofile_denylist

unbindappfwprofile_denyurl

unbindappfwprofile_excluderescontenttype

unbindappfwprofile_fakeaccount

unbindappfwprofile_fieldconsistency

unbindappfwprofile_fieldformat

unbindappfwprofile_fileuploadtype

unbindappfwprofile_grpcvalidation

unbindappfwprofile_jsonblockkeyword

unbindappfwprofile_jsoncmdurl

unbindappfwprofile_jsondosurl

unbindappfwprofile_jsonsqlurl

unbindappfwprofile_jsonxssurl

unbindappfwprofile_logexpression

unbindappfwprofile_restvalidation

unbindappfwprofile_ruletype

unbindappfwprofile_safeobject

unbindappfwprofile_sqlinjection

unbindappfwprofile_starturl

unbindappfwprofile_trustedlearningclients

unbindappfwprofile_xmlattachmenturl

unbindappfwprofile_xmldosurl

unbindappfwprofile_xmlsqlinjection

unbindappfwprofile_xmlvalidationurl

unbindappfwprofile_xmlwsiurl

unbindappfwprofile_xmlxss

unsetappfwprofile_addcookieflags

unsetappfwprofile_apispec

unsetappfwprofile_blockkeywordaction

unsetappfwprofile_bufferoverflowaction

unsetappfwprofile_bufferoverflowmaxcookielength

unsetappfwprofile_bufferoverflowmaxheaderlength

unsetappfwprofile_bufferoverflowmaxquerylength

unsetappfwprofile_bufferoverflowmaxtotalheaderlength

unsetappfwprofile_bufferoverflowmaxurllength

unsetappfwprofile_bypasslist

unsetappfwprofile_canonicalizehtmlresponse

unsetappfwprofile_ceflogging

unsetappfwprofile_checkrequestheaders

unsetappfwprofile_clientipexpression

unsetappfwprofile_cmdinjectionaction

unsetappfwprofile_cmdinjectiongrammar

unsetappfwprofile_cmdinjectiontype

unsetappfwprofile_comment

unsetappfwprofile_contenttypeaction

unsetappfwprofile_cookieconsistencyaction

unsetappfwprofile_cookieencryption

unsetappfwprofile_cookiehijackingaction

unsetappfwprofile_cookieproxying

unsetappfwprofile_cookiesamesiteattribute

unsetappfwprofile_cookietransforms

unsetappfwprofile_creditcard

unsetappfwprofile_creditcardaction

unsetappfwprofile_creditcardmaxallowed

unsetappfwprofile_creditcardxout

unsetappfwprofile_crosssitescriptingaction

unsetappfwprofile_crosssitescriptingcheckcompleteurls

unsetappfwprofile_crosssitescriptingtransformunsafehtml

unsetappfwprofile_csrftagaction

unsetappfwprofile_defaultcharset

unsetappfwprofile_defaultfieldformatmaxlength

unsetappfwprofile_defaultfieldformatmaxoccurrences

unsetappfwprofile_defaultfieldformatminlength

unsetappfwprofile_defaultfieldformattype

unsetappfwprofile_denylist

unsetappfwprofile_denyurlaction

unsetappfwprofile_dosecurecreditcardlogging

unsetappfwprofile_dynamiclearning

unsetappfwprofile_enableformtagging

unsetappfwprofile_errorurl

unsetappfwprofile_excludefileuploadfromchecks

unsetappfwprofile_exemptclosureurlsfromsecuritychecks

unsetappfwprofile_fakeaccountdetection

unsetappfwprofile_fieldconsistencyaction

unsetappfwprofile_fieldformataction

unsetappfwprofile_fieldscan

unsetappfwprofile_fieldscanlimit

unsetappfwprofile_fileuploadmaxnum

unsetappfwprofile_fileuploadtypesaction

unsetappfwprofile_geolocationlogging

unsetappfwprofile_grpcaction

unsetappfwprofile_htmlerrorobject

unsetappfwprofile_htmlerrorstatuscode

unsetappfwprofile_htmlerrorstatusmessage

unsetappfwprofile_infercontenttypexmlpayloadaction

unsetappfwprofile_insertcookiesamesiteattribute

unsetappfwprofile_inspectcontenttypes

unsetappfwprofile_inspectquerycontenttypes

unsetappfwprofile_invalidpercenthandling

unsetappfwprofile_jsonblockkeywordaction

unsetappfwprofile_jsoncmdinjectionaction

unsetappfwprofile_jsoncmdinjectiongrammar

unsetappfwprofile_jsoncmdinjectiontype

unsetappfwprofile_jsondosaction

unsetappfwprofile_jsonerrorobject

unsetappfwprofile_jsonerrorstatuscode

unsetappfwprofile_jsonerrorstatusmessage

unsetappfwprofile_jsonfieldscan

unsetappfwprofile_jsonfieldscanlimit

unsetappfwprofile_jsonmessagescan

unsetappfwprofile_jsonmessagescanlimit

unsetappfwprofile_jsonsqlinjectionaction

unsetappfwprofile_jsonsqlinjectiongrammar

unsetappfwprofile_jsonsqlinjectiontype

unsetappfwprofile_jsonxssaction

unsetappfwprofile_logeverypolicyhit

unsetappfwprofile_messagescan

unsetappfwprofile_messagescanlimit

unsetappfwprofile_messagescanlimitcontenttypes

unsetappfwprofile_multipleheaderaction

unsetappfwprofile_optimizepartialreqs

unsetappfwprofile_percentdecoderecursively

unsetappfwprofile_postbodylimit

unsetappfwprofile_postbodylimitaction

unsetappfwprofile_postbodylimitsignature

unsetappfwprofile_protofileobject

unsetappfwprofile_refererheadercheck

unsetappfwprofile_requestcontenttype

unsetappfwprofile_responsecontenttype

unsetappfwprofile_restaction

unsetappfwprofile_rfcprofile

unsetappfwprofile_semicolonfieldseparator

unsetappfwprofile_sessioncookie

unsetappfwprofile_sessionlessfieldconsistency

unsetappfwprofile_sessionlessurlclosure

unsetappfwprofile_signatures

unsetappfwprofile_sqlinjectionaction

unsetappfwprofile_sqlinjectionchecksqlwildchars

unsetappfwprofile_sqlinjectiongrammar

unsetappfwprofile_sqlinjectionparsecomments

unsetappfwprofile_sqlinjectionruletype

unsetappfwprofile_sqlinjectiontransformspecialchars

unsetappfwprofile_sqlinjectiontype

unsetappfwprofile_starturlaction

unsetappfwprofile_starturlclosure

unsetappfwprofile_streaming

unsetappfwprofile_striphtmlcomments

unsetappfwprofile_stripxmlcomments

unsetappfwprofile_trace

unsetappfwprofile_type

unsetappfwprofile_urldecoderequestcookies

unsetappfwprofile_usehtmlerrorobject

unsetappfwprofile_verboseloglevel

unsetappfwprofile_xmlattachmentaction

unsetappfwprofile_xmldosaction

unsetappfwprofile_xmlerrorobject

unsetappfwprofile_xmlerrorstatuscode

unsetappfwprofile_xmlerrorstatusmessage

unsetappfwprofile_xmlformataction

unsetappfwprofile_xmlsoapfaultaction

unsetappfwprofile_xmlsqlinjectionaction

unsetappfwprofile_xmlsqlinjectionchecksqlwildchars

unsetappfwprofile_xmlsqlinjectionparsecomments

unsetappfwprofile_xmlsqlinjectiontype

unsetappfwprofile_xmlvalidationaction

unsetappfwprofile_xmlwsiaction

unsetappfwprofile_xmlxssaction