Contact Free trial Login

XML Threat Protection

Policy Name

XML Threat Protection

Summary

Protects against malicious XML in API requests

Category

Security

Since Mule Version

3.8.0

Returned Status Codes

400 - Bad Request

Purpose

XML requests are susceptible to attacks characterized by unusual inflation of elements, attributes and nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic swings in the size of the application data often signal a security problem. The XML threat protection policy helps protect your applications from such intrusions.

In the event Mule Runtime fails to detect an attack, you need to monitor and design your services architecture with layers of protection in addition to these policies.

Configuration

Field

Description

Default

Required

Maximum Node Depth

Specifies the maximum node depth allowed in the XML

0

false

Maximum Attribute Count Per Element

Specifies the maximum number of attributes allowed for any element. Note that attributes used for defining namespaces are not counted

0

false

Maximum Child Count

Specifies a limit on the maximum number of children allowed for any element in the XML document

0

false

Maximum Text Length

Specifies a limit on the maximum length, in characters, of any text nodes present in the XML document

0

false

Maximum Attribute Length

Specifies a limit on the maximum length, in characters, of any attributes for any element in the XML document

0

false

Maximum Comment Length

Specifies a limit on the maximum number of comment characters in the XML document

0

false

Configuring a value of -1 means unlimited.

Example

xml threat policy

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.