How can we know whether a specific policy failed or not?

Not applicable

I have a use case where I want to log the request body if the JSON threat protection policy fails. How do I identify that the JSON threat protection policy is failing? Is there some flag or system variable which tells about the failure of a specific policy?


Hi @ukansara,

Please take a look at the documentation we have on Fault Handling -- it explains how to create a special flow called a <FaultRule> in your proxy that executes when a policy throws an error. You can configure the FaultRule flow to conditionally execute any other policy, such as a RaiseFault policy, that returns a custom error message. The condition for executing that policy could be an error status or other output from the policy that failed. There's a good discussion with a complete example on the community in this thread.

Will

hi @wwitman

Thanks for your response.

In my case I have multiple policies in the proxy endpoint, including a JSON threat protection policy. Moreover, I also have a default fault rule which executes a JavaScript policy for logging to Splunk. Now I want to log the request body in this JavaScript policy only in case of a JSON threat protection policy failure and not for other policy failures. How should I do that?

Hi @ukansara

By default, Edge throws an HTTP 500 Internal Server Error status code and an ExecutionFailed error if a message doesn't make it past a JSON or XML Threat Protection policy.

However you can change that error behavior with a new organization-level property. When setting org property features.isPolicyHttpStatusEnabled to true, the following behavior occurs:

  • Request: With a threat protection policy attached to any request flow, invalid messages return a 400 status code, along with a corresponding policy error message.
  • Response: With a threat protection policy attached to any response flow, invalid messages still return a 500 status code, and one of the corresponding policy error messages is thrown (rather than just ExecutionFailed).

Check out the "Error Codes" section under the JSON/XML or Regex protection policy docs. They have examples on handling faults. Hope this helps!

hi @sudheendra1,

Thanks for your response.

So in my case I have multiple policies in the proxy endpoint, including JSON threat protection. I also have a default fault rule which executes a JavaScript policy for logging to Splunk. Now I want to log the request body in this JavaScript policy only in case of a JSON threat protection policy failure and not for other policy failures. How should I do that?

Not applicable

You should be able to use a conditional test in the form:

<policy-variable-namespace>.<policy-name>.failed = "true", for example

verifyapikey.check-api-key.failed = "true"

where "check-api-key" is the name given to that policy. Check the particular policy for the variable namespace. Quota and SpikeArrest, for instance, are in 'ratelimit'.
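The check described in the last answer, written as the body of a JavaScript policy in the default fault rule; this is an added example, not code from any poster in the thread. The policy name `JTP-Protect` and the output variable `splunk.logRecord` are hypothetical, and `jsonattack` is assumed to be the JSONThreatProtection variable namespace, which should be confirmed against that policy's documentation as the answer advises.

```javascript
// Added example for an Apigee JavaScript policy attached to the default fault rule.
// Hypothetical names: policy "JTP-Protect", output variable "splunk.logRecord".
// Assumed namespace for JSONThreatProtection: "jsonattack" (verify in the policy docs).
var JTP_POLICY_NAME = "JTP-Protect";
var MAX_BODY_CHARS = 2048; // a body rejected by threat protection may be very large

// True when <namespace>.<policy-name>.failed is set, as boolean or as string.
function policyFailed(getVar, namespace, policyName) {
  var v = getVar(namespace + "." + policyName + ".failed");
  return v === true || String(v).toLowerCase() === "true";
}

// Builds the log record; the request body is included only when the
// JSON threat protection policy is the one that failed, and is capped in size.
function buildFaultLog(getVar) {
  var record = {
    faultName: getVar("fault.name"),
    jsonThreatFailed: policyFailed(getVar, "jsonattack", JTP_POLICY_NAME)
  };
  if (record.jsonThreatFailed) {
    var body = String(getVar("request.content") || "");
    record.requestBodyLength = body.length;
    record.requestBodyTruncated = body.length > MAX_BODY_CHARS;
    record.requestBody = body.slice(0, MAX_BODY_CHARS);
  }
  return record;
}

// Inside Apigee, "context" is provided by the JavaScript policy runtime.
if (typeof context !== "undefined") {
  var log = buildFaultLog(function (name) { return context.getVariable(name); });
  context.setVariable("splunk.logRecord", JSON.stringify(log));
}
```

The existing Splunk logging code can then send `splunk.logRecord` unchanged; for every other policy failure the record carries no request body.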