
Request Method Limiting

Last updated: 2022-12-23 16:31:08

1 Feature Intro

1.1 Brief Introduction

Identifies illegal request methods and accurately blocks malicious requests to ensure the security of your APIs.

2 Feature Detail

2.1 Request Method Limiting

Define the legitimate request methods for your APIs, and API Shield actively blocks API requests that use a malicious request method, ensuring the security of your API assets.

In RESTful web services, the HTTP request method indicates the operation to be performed on the resource. If illegal request methods are accepted, API data may be maliciously deleted or tampered with. For example:

  • A GET request to /employee/101 retrieves the details of employee 101.
  • A POST request to /employee/102 creates a new employee with ID 102.
  • A PUT request to /employee/101 updates the information of employee 101.
  • A DELETE request to /employee/101 deletes the data of the employee with ID 101.

If an API asset is currently only allowed to be requested with the GET method, you should block all other request methods as illegal.

2.2 How It Works

Once you configure the valid request methods for your API assets, API Shield checks whether each API request carries a correct request method. If it does not, the request is blocked.
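
The check described above, sketched as an added example (not API Shield's own code or configuration format): a per-asset method allowlist applied to constructed sample requests. The policy structure, the `check_request` function and the choice to block paths that match no configured asset are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Constructed policy: API asset path template -> methods declared legitimate.
# Paths reuse the /employee examples from this page; the format is hypothetical.
POLICY = {
    "/employee": {"GET", "POST"},
    "/employee/{id}": {"GET"},  # read-only asset: only GET is allowed
}

class Decision(NamedTuple):
    action: str  # "allow" or "block"
    reason: str

def _compile(template: str) -> re.Pattern:
    # "/employee/{id}" -> anchored regex; each {placeholder} matches one path segment.
    parts = re.split(r"(\{[^/{}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(body + r"/?\Z")

RULES = [(_compile(t), t, frozenset(m)) for t, m in POLICY.items()]

def check_request(method: str, path: str) -> Decision:
    path = path.split("?", 1)[0]  # the query string is not part of the asset path
    for pattern, template, allowed in RULES:
        if pattern.match(path):
            # HTTP method tokens are case-sensitive, so compare exactly: "get" is not "GET".
            if method in allowed:
                return Decision("allow", f"{method} permitted on {template}")
            return Decision("block", f"{method} not in {sorted(allowed)} for {template}")
    # Assumption of this sketch: a path with no configured asset is blocked.
    return Decision("block", "path matches no configured API asset")

SAMPLE_REQUESTS = [  # constructed sample traffic
    ("GET", "/employee/101"),
    ("DELETE", "/employee/101"),
    ("PUT", "/employee/101?force=1"),
    ("POST", "/employee"),
    ("get", "/employee/101"),
]

def evaluate(requests):
    return [(m, p, check_request(m, p).action) for m, p in requests]

if __name__ == "__main__":
    for m, p, action in evaluate(SAMPLE_REQUESTS):
        print(f"{action:5} {m:6} {p}")
```
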