I have a use case where I want to log the request body if the JSON threat protection policy fails. How can I identify that the JSON threat protection policy is failing? Is there some flag or system variable which tells about the failure of a specific policy?
Hi @ukansara,
Please take a look at the documentation we have on Fault Handling -- it explains how to create a special flow called a <FaultRule> in your proxy that executes when a policy throws an error. You can configure the FaultRule flow to conditionally execute any other policy, such as a RaiseFault policy, that returns a custom error message. The condition for executing that policy could be an error status or other output from the policy that failed. There's a good discussion with a complete example on the community in this thread.
Will
Hi @wwitman,
Thanks for your response.
In my case I have multiple policies in the proxy endpoint, including a JSON threat protection policy. Moreover, I also have a default fault rule which executes a JavaScript policy for logging to Splunk. Now I want to log the request body in this JavaScript policy only in case of a JSON threat protection policy failure and not for other policy failures. How should I do that?
Hi @ukansara
By default, Edge throws an HTTP 500 Internal Server Error status code and an ExecutionFailed error if a message doesn't make it past a JSON or XML Threat Protection policy.
However you can change that error behavior with a new organization-level property. When setting org property features.isPolicyHttpStatusEnabled to true, the following behavior occurs:
Check out the "Error Codes" section under the JSON/XML or Regex protection policy docs. They have examples on handling faults. Hope this helps!
Hi @sudheendra1,
Thanks for your response.
So in my case I have multiple policies in the proxy endpoint, including JSON threat protection. Now I also have a default fault rule which executes a JavaScript policy for logging to Splunk. Now I want to log the request body in this JavaScript policy only in case of a JSON threat protection policy failure and not for other policy failures. How should I do that?
You should be able to use a conditional test in the form:
<policy-variable-namespace>.<policy-name>.failed = "true", for example verifyapikey.check-api-key.failed = "true"
where "check-api-key" is the name given to that policy. Check the particular policy for the variable namespace. Quota and SpikeArrest, for instance, are in 'ratelimit'.
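The per-policy `failed` flag described in the last answer can be read from inside the JavaScript logging policy itself, so the request body is attached only when the JSON threat protection policy is the one that failed. The following is an added example, not code from any poster in this thread. It assumes a policy named `JSON-Threat-Protection` (hypothetical) and the `jsonattack` variable namespace for JSONThreatProtection (check the policy's documentation for the namespace); `fakeContext` and its sample values are constructed so the code runs outside Apigee.

```javascript
// Added example. In Apigee this runs in the JavaScript policy attached to the
// default fault rule; `context` is the object Apigee passes to such policies.
// Assumptions: policy name "JSON-Threat-Protection" (hypothetical) and the
// "jsonattack" variable namespace for JSONThreatProtection.
var JTP_POLICY = "JSON-Threat-Protection";
var MAX_BODY_CHARS = 4096; // cap: a payload rejected by the policy may be huge

function policyFailed(ctx, namespace, policyName) {
  // The flag can surface as a boolean or as the string "true".
  var v = ctx.getVariable(namespace + "." + policyName + ".failed");
  return String(v) === "true";
}

function buildFaultLogEntry(ctx) {
  var entry = {
    faultName: ctx.getVariable("fault.name"),
    proxy: ctx.getVariable("apiproxy.name"),
    jsonThreatProtectionFailed: policyFailed(ctx, "jsonattack", JTP_POLICY)
  };
  if (entry.jsonThreatProtectionFailed) {
    var body = String(ctx.getVariable("request.content") || "");
    entry.requestBodyTruncated = body.length > MAX_BODY_CHARS;
    entry.requestBody = body.substring(0, MAX_BODY_CHARS);
  }
  return entry; // pass this object to the existing Splunk logging code
}

// Constructed stand-in for Apigee's context object, for running offline.
function fakeContext(vars) {
  return { getVariable: function (name) {
    return Object.prototype.hasOwnProperty.call(vars, name) ? vars[name] : null;
  } };
}

var jtpFault = fakeContext({           // constructed: threat protection failed
  "fault.name": "ExecutionFailed",
  "apiproxy.name": "orders-v1",
  "jsonattack.JSON-Threat-Protection.failed": true,
  "request.content": "{\"a\":" + new Array(6000).join("[") + "}"
});
var otherFault = fakeContext({         // constructed: a different policy failed
  "fault.name": "InvalidApiKey",
  "apiproxy.name": "orders-v1",
  "verifyapikey.check-api-key.failed": "true",
  "request.content": "{\"card\":\"constructed-sample\"}"
});
```

Inside the proxy, call `buildFaultLogEntry(context)` and drop the `fakeContext` scaffolding. Bodies from other failures, which may carry sensitive fields, never reach the log entry.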