Suppose the request data for your web application contains a credit card field
(CREDIT_CARD_NO), whose value you wish to block. Additionally, you want to block
the fieldname itself for extra security, and requests that include the field also include a section
called [CustInfo] that you want to remove.
You can manage these tasks by doing the following rules configuration.
- Create an action to delete the request variable:
- Name:
Del_CREDIT_CARD_NO - Action:
ReqDelete - Section: Leave blank
- Field:
CREDIT_CARD_NO
- Name:
- Create an action to delete the
[CustInfo]section:- Name:
Del_CustInfo - Action:
ReqDelete - Section:
CustInfo - Field: Leave blank
- Name:
- Create a rule with the following values:
- ReqField:
CREDIT_CARD_NO - ReqOp:
exists - Enabled:
true - Actions:
Del_CREDIT_CARD_NODel_CustInfo
- ReqField: