Using the HTTP Malicious Patterns Detection Policy
Learn how to use regular expressions or Java markup tags in an HTTP Malicious Patterns Detection Policy to inspect messages for malicious content, and reject the messages, returning a fault, if a match is found.
Supported Platforms: 7.x, 8.x
The HTTP Malicious Patterns Detection Policy is used to inspect HTTP messages for content that could be considered dangerous to an API or web service, and to reject the message, returning a fault, if any of the defined expressions match.
Notes:
- This policy uses regular expressions to define the content that is considered dangerous and that warrants rejecting a message.
The product includes the following out-of-the-box examples that illustrate usage of the HTTP Malicious Pattern Detection Policy. You can use the sample policies located in the root Policies folder as-is, or you can customize the configuration to suit your needs and then attach them directly to a service or operation.
SQL Injection RegEx
A sample HTTPSQLInjection policy is included out-of-the-box. It includes three regular expressions that match SQL keywords and symbols, as shown below.
The policy includes the following configuration options:
- Inspect Headers: Optionally, HTTP headers can be scanned for patterns. If this option is selected, all headers are scanned. To scan specific headers rather than all, enter the header names in the header table.
- Inspect Path: Check this box if you want the HTTP path to be scanned.
- Inspect Parameters: Check this box if you want the HTTP query parameters to be scanned.
- Exclude Markup: This option applies to content with markup such as XML or JSON. If markup is excluded, only the content of the properties, not the markup itself, will be scanned. For example, a JSON property name will not be scanned, just the property value.
- Patterns: One or more regular expression patterns to scan for. Any match will cause the message to be rejected.
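The following Python sketch models how the options above interact. It is an added example, not the product's code or its shipped patterns. It shows why scanning all headers and scanning markup can reject benign traffic, and how a header list and Exclude Markup narrow the scan. The function and variable names, the three patterns, the sample request, and the choices to scan decoded parameter values and treat the body as JSON are assumptions.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed patterns for illustration; NOT the three expressions shipped
# in the product's HTTPSQLInjection sample policy.
PATTERNS = [
    r"(?i)\b(select|union|insert|update|delete|drop)\b",  # SQL keywords
    r"(?i)\bor\s+\d+\s*=\s*\d+",                          # tautology
    r"--|;|/\*",                                          # SQL symbols
]

def json_values(node):
    """Yield leaf values only; property names (the markup) are skipped."""
    if isinstance(node, dict):
        for child in node.values():
            yield from json_values(child)
    elif isinstance(node, list):
        for child in node:
            yield from json_values(child)
    else:
        yield str(node)

def inspect(url, headers, body, inspect_headers=False, header_names=(),
            inspect_path=False, inspect_params=False, exclude_markup=False):
    """Return [(location, pattern)]; a non-empty result means reject."""
    parts = urlsplit(url)
    targets = []
    if inspect_headers:
        wanted = {h.lower() for h in header_names}  # empty = scan all headers
        targets += [(f"header:{k}", v) for k, v in headers.items()
                    if not wanted or k.lower() in wanted]
    if inspect_path:
        targets.append(("path", parts.path))
    if inspect_params:  # assumption: decoded parameter values are scanned
        targets += [(f"param:{k}", v) for k, v in parse_qsl(parts.query)]
    if body and exclude_markup:  # assumption: the body is JSON
        targets += [("body-value", v) for v in json_values(json.loads(body))]
    elif body:
        targets.append(("body", body))
    return [(loc, p) for loc, text in targets
            for p in PATTERNS if re.search(p, text)]

# Constructed sample request: benign, yet it trips two patterns by default.
URL = "https://api.example.test/orders?status=open"
HEADERS = {"Content-Type": "application/json; charset=utf-8", "X-Request-Id": "abc"}
BODY = '{"update": "weekly", "comment": "ship it"}'
```

With all headers and the raw body scanned, the `;` in `Content-Type` and the JSON property name `update` both match, so the benign request would be rejected. Limiting the scan to `X-Request-Id` and excluding markup returns no matches.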
Let's take a quick walkthrough of the HTTP Malicious Pattern Detection policy configuration process to get you started.
Step 1: Add Policy / Use Sample Policy
- In Policy Manager, to create an HTTP Malicious Pattern Detection policy instance, go to Policies > Operational Policies and choose Add Policy.
Step 2: Modify Policy
When you choose to Modify the HTTP Malicious Pattern Detection Policy on the Policy Details page, the initial policy looks like this:
Step 3: Configure
- Regular Expression Tester: Rubular.com provides a nice online test tool.
- Regular Expression Builder: Debuggex.com provides a more sophisticated (and more complex) tool for building and validating regular expressions.
Step 4: Attach Policy
After you've saved your policy, you can attach it:
- To an individual web service to apply it to that service
- At the Organization level to apply it to all services defined within the organization.