limit file size with xml and json threat protection policy metrics

ccovney
Participant V

In the XML or JSON threat protection policies, there does not appear to be any way to structure the configured limit by file size in bytes. All size-related parameterized limits are in units of characters or elements or things of this nature. Is there any sensical way to translate the available metrics into a size in bytes or is there any elegant way to achieve this kind of limitation? Thanks!

Here is the default policy code for the XML and JSON threat protection policies:

<JSONThreatProtection async="false" continueOnError="false" enabled="true" name="JSON-Threat-Protection-1">
   <DisplayName>JSON Threat Protection 1</DisplayName>
   <ArrayElementCount>20</ArrayElementCount>
   <ContainerDepth>10</ContainerDepth>
   <ObjectEntryCount>15</ObjectEntryCount>
   <ObjectEntryNameLength>50</ObjectEntryNameLength>
   <Source>request</Source>
   <StringValueLength>500</StringValueLength>
</JSONThreatProtection>
<XMLThreatProtection async="false" continueOnError="false" enabled="true" name="XML-Threat-Protection-1">
   <DisplayName>XML Threat Protection 1</DisplayName>
   <NameLimits>
      <Element>10</Element>
      <Attribute>10</Attribute>
      <NamespacePrefix>10</NamespacePrefix>
      <ProcessingInstructionTarget>10</ProcessingInstructionTarget>
   </NameLimits>
   <Source>request</Source>
   <StructureLimits>
      <NodeDepth>5</NodeDepth>
      <AttributeCountPerElement>2</AttributeCountPerElement>
      <NamespaceCountPerElement>3</NamespaceCountPerElement>
      <ChildCount includeComment="true" includeElement="true" includeProcessingInstruction="true" includeText="true">3</ChildCount>
   </StructureLimits>
   <ValueLimits>
      <Text>15</Text>
      <Attribute>10</Attribute>
      <NamespaceURI>10</NamespaceURI>
      <Comment>10</Comment>
      <ProcessingInstructionData>10</ProcessingInstructionData>
   </ValueLimits> 
</XMLThreatProtection>

And here is a link to the Apigee Docs pages for the these policies: http://apigee.com/docs/api-services/content/content-threat-protection

Best, Chris

0 1 862
1 REPLY 1

you could use the Content-Length header,

for eg, you could have a conditional RaiseFault, for a condition something like

request.header.Content-Length > {a threshold limit}