Contact Free trial Login

JSON Threat Protection

Policy Name

JSON Threat Protection

Summary

Protects against malicious JSON in API requests

Category

Security

Since Mule Version

3.8.0

Returned Status Codes

400 - Bad Request

Purpose

JSON requests are susceptible to attacks characterized by unusual inflation of elements and nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic swings in the size of the application data often signal a security problem. The JSON threat protection policy helps protect your applications from such intrusions.

In the event Mule Runtime fails to detect an attack, you need to monitor and design your services architecture with layers of protection in addition to these policies.

Configuration

Field

Description

Default

Required

Maximum Container Depth

Specifies the maximum allowed nested depth. JSON allows you to nest the containers (object and array) in any order to any depth

0

false

Maximum String Value Length

Specifies the maximum length allowed for a string value

0

false

Maximum Object Entry Name Length

Specifies the maximum string length allowed for an object’s entry name

0

false

Maximum Object Entry Count

Specifies the maximum number of entries allowed in an object

0

false

Maximum Array Element Count

Specifies the maximum number of elements allowed in an array

0

false

Configuring a value of -1 means unlimited.

Example

json threat policy

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub