The Input Validation Cloudlet helps strengthen your web forms against abuse or monopolization from brute force and behavioral attackers. It does this by:
- validating form fields and values in incoming requests.
- limiting the number of valid form submissions and invalid attempts per user. Requests are either denied (403) or redirected (302) to a custom "penalty box" once the limit is reached.
Input Validation can inspect POST requests with a Content-Type header of
application/x-www-form-urlencoded and a maximum body size of 16 KB. Valid POST requests that exceed 16 KB are not processed by the Input Validation, but are sent forward through the network.
This diagram shows how Input Validation works when all form field entries are valid, and when an invalid field entry is submitted. In this example, the first submission is allowed as all the form names and values are valid. However, in the second submission the final field is invalid, so the user is denied and sent to a 403 page.
Updated about 1 year ago