Json threat protection on large payloads

mehuljain · 08-07-2020 02:59 AM

HI guys, what i'd like to know is that.....is there any way possible to use json protection policy on large JSON request payloads.....as i know how the policy works.....but what if the payloads has no. of different elements and array count on each different key and values pair .

As for now...i couldn't find any new way to look out for the answer.

i would be glad to know some tips for this

Report Inappropriate Content

if you have different elements give the highest values allowed.

<JSONThreatProtection async="false" continueOnError="false" enabled="true" name="JSON-Threat-Protection-1">   <DisplayName>JSON Threat Protection 1</DisplayName>   <ArrayElementCount>20</ArrayElementCount>   <ContainerDepth>10</ContainerDepth>   <ObjectEntryCount>15</ObjectEntryCount>   <ObjectEntryNameLength>50</ObjectEntryNameLength>   <Source>request</Source>   <StringValueLength>500</StringValueLength></JSONThreatProtection>

mehuljain

no, its not like that, wait let me show with the example

for eg-:

{

"firstName":"Aabbcc",

"lastName":"Zzxxyy",

"countryCode":"IND",

"bankCodeType":"IFSC",

"bankCode":"123456789098"

}

Now let's just say if i allow <ObjectEntryNameLength>50</ObjectEntryNameLength>
then it would pass the countryCode as well...even if i pass it to more than 3 char.....which is wrong in terms of ISO country code
as for this.....jsonThreatPolicy wouldn't able to get this one

what i want to do is to enable restrictions on some key&value pairs.....as it can be done with script code with the help of javascript policy
i hope you get what i meant to say

ssvaidyanathan

JSONThreatProtection is a security policy. What you are asking for is very specific to an API and for validation purpose.. So you will have to write something custom to validate those fields. Your best bet is JavaScript policy.

Report Inappropriate Content

Then use javascript policy to enforce your restrictions.