Request Method Limiting

Last updated: 2022-12-23 16:31:08

1 Feature Intro

1.1 Brief Introduction

Identifies illegal request methods and blocks malicious requests accurately, to ensure the security of the APIs.

2 Feature Detail

2.1 Request Method Limiting

Define the legitimate request methods and actively block API requests that use a malicious request method, to ensure the security of API assets.

In RESTful web services, the HTTP request type indicates the operation to be performed on the resource. Using illegal request methods may lead to malicious deletion or malicious tampering of API data, for example:

  • Accessing /employee/101 with an HTTP GET request retrieves the details of employee 101.
  • Accessing /employee/102 with a POST request will create a new employee with ID 102.
  • Accessing /employee/101 with a PUT request can update the information of employee 101.
  • Accessing /employee/101 with a DELETE request can delete the data of the employee with ID 101.

If an API asset currently only allows requests with the GET method, you should restrict the other, illegal request methods.

2.2 How It Works

Once you configure the valid request method for your API assets, API shield checks whether each API request carries the correct request method; if it does not, the request is blocked.
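
The check described in 2.1 and 2.2, sketched as an added example (not the product's own code or configuration format). The policy table, the `/employee` collection asset, the 405/404 status codes and all function names are assumptions made for illustration; the sample requests are constructed.

```python
import re
from dataclasses import dataclass

# Hypothetical policy: API asset path template -> methods configured as valid.
POLICY = {
    "/employee/{id}": {"GET"},        # read-only asset, as in the example above
    "/employee": {"GET", "POST"},     # constructed second asset
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    status: int        # 200 = forward to origin, 405 = blocked, 404 = unknown asset
    allow_header: str  # methods the asset accepts, sent back with a 405

def _compile(template: str) -> re.Pattern:
    # "/employee/{id}" -> anchored regex; each "{x}" matches exactly one path segment.
    parts = re.split(r"(\{[^/{}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(rf"^{body}/?$")

_ROUTES = [(_compile(t), frozenset(m)) for t, m in POLICY.items()]

def check_request(method: str, path: str) -> Decision:
    """Decide whether one request carries a method configured for its asset."""
    path = path.split("?", 1)[0]  # the policy applies to the path, not the query
    for pattern, methods in _ROUTES:
        if pattern.match(path):
            allow = ", ".join(sorted(methods))
            # HTTP method tokens are case-sensitive (RFC 9110): "get" is not "GET".
            if method in methods:
                return Decision(True, 200, allow)
            return Decision(False, 405, allow)
    return Decision(False, 404, "")  # assumption: unconfigured assets are rejected

# Constructed sample requests (method, path).
SAMPLE = [("GET", "/employee/101"), ("DELETE", "/employee/101"),
          ("PUT", "/employee/101?force=1"), ("POST", "/employee"),
          ("get", "/employee/101")]

def blocked(requests):
    """Return the requests the policy would block, in input order."""
    return [(m, p) for m, p in requests if not check_request(m, p).allowed]

if __name__ == "__main__":
    for m, p in SAMPLE:
        print(m, p, check_request(m, p))
```

Anything not listed for an asset is denied by default, so a method added to the backend later stays blocked until it is explicitly configured.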