...
- URL validation
- Request parameter (query, path, post) validation
- Define regex validations of input
- Defend against SQL injection attacks
- HTTP Header rewriting/adding/removal
- Cookie rewriting/adding/removal
- Session cookie SameSite support
- Request validation against XML / JSON schemas
- Create custom validations using scripting
- IP Ranges, with support for IP Reputation Databases - take action on known bad IPs.
...