Integrity Protection

Integrity protection is an optional feature specified in RFC-7616 where the body content of a request is included in the digest hash, hence providing protection against malware trying to change or replace that. This is not useful in the authentication request since no sensitive data is sent, but it is supported for session security and, if enabled, can be used there too.

curl’s latest digest authentication does not support integrity protection for requests with data content. Setting integrity protection on the SonicWall to Allow, rather than to Enforce, allows initial authentication without integrity protection. Custom scripts can then use integrity protection to safeguard the content of the API management requests.