JSON and XML Threat Protection Policies (Nov 2017 and Jul 2017)
JSON and XML are prone to the same types of malicious injections, often characterized by unusual inflation of elements and nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic swings in the size of the application data often signal a security problem. The JSON and XML threat protection policies help protect your applications from such intrusions.
Because Mule Runtime might fail to detect an attack, monitor your services and design your services architecture with layers of protection in addition to these policies.
Configure JSON threat protection using the procedure to protect JSON applications.
Malicious attacks on XML applications typically involve large, recursive payloads, XPath/XSLT or SQL injections, and CDATA. Using the XML Threat Protection policy, you can set limits on your XML, such as maximum node depth and text node length, to thwart malicious attacks. You can limit the size of comments to prevent invasions through CDATA, for example.
Configure XML threat protection using the procedure to protect XML applications.
Message successfully sent.
400 Bad Request
Any request that violates the configured limits causes a Bad Request error.
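The following added example (not Mule's implementation or policy code) shows the kind of pre-parse limit check described above for JSON: it scans the raw text once for nesting depth and string length and maps any violation to 400. The function name, limit names, and default values are assumptions chosen for illustration.

```python
import json

# Limit names and defaults are assumptions for illustration, not Mule's settings.
def check_json_limits(raw, max_depth=10, max_string_len=256, max_bytes=65536):
    """Return (status, reason). Limits are checked on the raw text before any
    objects are built, so an inflated payload is rejected cheaply."""
    if len(raw.encode("utf-8")) > max_bytes:
        return 400, "payload too large"
    depth, str_len = 0, 0
    in_string = escaped = False
    for ch in raw:
        if in_string:
            if escaped:              # character after a backslash is data
                escaped = False
                str_len += 1
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            else:
                str_len += 1
            # \uXXXX counts as five characters here, which errs on the strict side
            if str_len > max_string_len:
                return 400, "string too long"
        elif ch == '"':
            in_string, str_len = True, 0
        elif ch in "[{":             # brackets inside strings never reach here
            depth += 1
            if depth > max_depth:
                return 400, "nesting too deep"
        elif ch in "]}":
            depth -= 1
    try:
        json.loads(raw)              # structure is bounded, so parsing is safe
    except (ValueError, RecursionError):
        return 400, "malformed JSON"
    return 200, "ok"

# Constructed sample payloads, not taken from real traffic.
SAMPLES = {
    "normal": '{"a": [1, 2, {"b": "x"}]}',
    "deep": "[" * 5000 + "]" * 5000,
    "long_string": '{"k": "' + "A" * 1000 + '"}',
    "brackets_in_string": '{"a": "[[[[[[[[[[[[[["}',
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, check_json_limits(payload))
```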