Hi,
I’m using the “RegularExpressionProtection” policy in my proxy, as shown below. This works fine; however, I have certain fields in the request which I want to exclude (don’t want this policy to trigger). However, in the documentation I couldn’t find any way of achieving this. Could you please suggest what options are available to me?
```xml
<RegularExpressionProtection name="RegularExpressionProtection">
  <Source>request</Source>
  <JSONPayload escapeSlashCharacter="true">
    <JSONPath>
      <Expression>$.</Expression>
      <!-- Literal < and > inside a Pattern are written as &lt; and &gt; so the policy stays valid XML -->
      <Pattern>&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*\/\s*script\s*&gt;</Pattern>
      <Pattern>n\s*\\\\\s*slash</Pattern>
      <Pattern>n\s*\/\s*slash</Pattern>
      <Pattern>n\s*\\"\s*quotes</Pattern>
      <Pattern>n\s*\\b\s*space</Pattern>
      <Pattern>n\s*\\f\s*forwardfeed</Pattern>
      <Pattern>n\s*\\n\s*newline</Pattern>
      <Pattern>n\s*\\r\s*carria</Pattern>
      <Pattern>n\s*\\t\s*tab</Pattern>
      <Pattern>n\s*\\uFFFF\s*hex</Pattern>
      <Pattern>[\s]*((delete)|(exec)|(drop\s*table)|(insert)|(shutdown)|(update)|(\bor\b))</Pattern>
      <Pattern>&lt;!--#(include|exec|echo|config|printenv)\s+.*</Pattern>
    </JSONPath>
  </JSONPayload>
</RegularExpressionProtection>
```
Cheers,
Mahesh
In that case it's better to use a JavaScript or Java callout.
Do you have any sample code that you can share or resource link I can refer to?
If you know exactly which fields to exclude, you could copy the request message into another variable (e.g. requestSubset) and then delete from this variable the fields you want to exclude. You can use the AssignMessage policy to do this.
You could then apply the RegexThreat policy on requestSubset.
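A sketch of the JavaScript callout route suggested in the replies, as an added example that is not code from the thread or from Apigee: it walks the JSON body, skips fields on an exclusion list, and tests every remaining string value against two of the patterns from the policy in the question. The names `EXCLUDED_PATHS`, `findThreats`, `order.comments` and the flow variables `threat.detected` and `threat.paths` are assumptions; `context.getVariable` and `context.setVariable` are the Apigee JavaScript object model calls.

```javascript
// Added example: scan a JSON request body but skip fields on an exclusion list.
// EXCLUDED_PATHS, findThreats and the flow variable names are hypothetical.
var EXCLUDED_PATHS = ['order.comments'];   // dotted paths that must not be scanned

// Two of the patterns from the policy in the question.
var PATTERNS = [
  /<\s*script\b[^>]*>[^<]+<\s*\/\s*script\s*>/,
  /[\s]*((delete)|(exec)|(drop\s*table)|(insert)|(shutdown)|(update)|(\bor\b))/
];

// Walk the parsed payload. Array elements share the path of their parent key,
// so excluding "items.note" covers the note field of every array entry.
function collectHits(node, path, excluded, hits) {
  if (excluded.indexOf(path) !== -1) { return; }       // skip excluded subtree
  if (typeof node === 'string') {
    for (var i = 0; i < PATTERNS.length; i++) {
      if (PATTERNS[i].test(node)) { hits.push({ path: path, pattern: i }); break; }
    }
  } else if (Array.isArray(node)) {
    node.forEach(function (item) { collectHits(item, path, excluded, hits); });
  } else if (node !== null && typeof node === 'object') {
    Object.keys(node).forEach(function (key) {
      collectHits(node[key], path ? path + '.' + key : key, excluded, hits);
    });
  }
}

// Returns one entry per offending field. A body that does not parse is
// reported (pattern -1) rather than silently passed through unscanned.
function findThreats(jsonText, excluded) {
  if (!jsonText) { return []; }                         // no body, nothing to scan
  var parsed;
  try { parsed = JSON.parse(jsonText); }
  catch (e) { return [{ path: '', pattern: -1 }]; }
  var hits = [];
  collectHits(parsed, '', excluded || [], hits);
  return hits;
}

// Apigee glue: runs only inside a JavaScript policy, where `context` exists.
if (typeof context !== 'undefined') {
  var found = findThreats(context.getVariable('request.content'), EXCLUDED_PATHS);
  context.setVariable('threat.detected', found.length > 0);
  context.setVariable('threat.paths', found.map(function (h) { return h.path; }).join(','));
}
```

A later step in the flow can then be made conditional on `threat.detected` to reject the request, while the excluded fields still need their own validation or output encoding downstream.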