The JSONThreatProtection policy minimizes the risk posed by such attacks by enabling you to specify limits on various JSON structures, such as arrays and strings. All settings are optional and should be tuned to balance your service requirements against potential vulnerabilities.
Note: If a limit is not specified, the system applies a default value of -1 (the system equates a negative value to no limit).
Configure the JSON Threat Protection policy using the following elements.
|Element|Description|
|---|---|
|Source|Request that needs to be validated for JSON payload attacks.|
|Container depth|Specifies the maximum allowed nested depth. JSON allows you to nest the containers (object and array) in any order to any depth.|
|Object entry count|Specifies the maximum number of entries allowed in an object.|
|Object entry name length|Specifies the maximum string length allowed for an object's entry name.|
|Array element count|Specifies the maximum number of elements allowed in an array.|
|String value length|Specifies the maximum length allowed for a string value.|
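
The sketch below shows how the five limits in the table apply to a payload. It is an added example, not the policy's actual implementation or code from this page. The function name `check_json`, the snake_case limit names and the rule that the outermost container counts as depth 1 are assumptions.

```python
import json

# Limit names follow the table above; a negative value (default -1) means no limit.
LIMITS = ("container_depth", "object_entry_count", "object_entry_name_length",
          "array_element_count", "string_value_length")


def check_json(payload, **limits):
    """Return violations found in a JSON text; an empty list means it passes."""
    unknown = set(limits) - set(LIMITS)
    if unknown:
        raise ValueError(f"unknown limit(s): {sorted(unknown)}")
    cfg = {name: limits.get(name, -1) for name in LIMITS}
    found = []

    def over(value, key, path, what):
        # A limit applies only when it is set to a non-negative number.
        if cfg[key] >= 0 and value > cfg[key]:
            found.append(f"{path}: {what} {value} > {cfg[key]}")
            return True
        return False

    # Walk the parsed value with an explicit stack rather than recursion.
    stack = [(json.loads(payload), 1, "$")]
    while stack:
        node, depth, path = stack.pop()
        if isinstance(node, (dict, list)):
            # Assumption: the outermost container counts as depth 1.
            if over(depth, "container_depth", path, "container depth"):
                continue  # do not descend into an over-deep branch
        if isinstance(node, dict):
            over(len(node), "object_entry_count", path, "object entries")
            for name, child in node.items():
                over(len(name), "object_entry_name_length", path, "entry name length")
                stack.append((child, depth + 1, f"{path}.{name}"))
        elif isinstance(node, list):
            over(len(node), "array_element_count", path, "array elements")
            for i, child in enumerate(node):
                stack.append((child, depth + 1, f"{path}[{i}]"))
        elif isinstance(node, str):
            over(len(node), "string_value_length", path, "string length")
    return found


# Constructed sample request body.
SAMPLE = '{"user": "alice", "tags": ["a", "b", "c"], "profile": {"bio": {"text": "hello"}}}'

if __name__ == "__main__":
    for v in check_json(SAMPLE, container_depth=2, array_element_count=2):
        print(v)
```

This checker parses the whole body before measuring it, which keeps the example short. A gateway that enforces these limits should reject the payload while it is being parsed, so an oversized or deeply nested body is never fully materialized.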
Each policy must conform to a policy schema. All policy constructs, such as elements and attributes mentioned above, are defined in a schema. To download the schema, click here.