XML Threat Protection Policy
| Policy Name | XML Threat Protection |
| Summary | Protects against malicious XML in API requests |
| Category | Security |
| First Mule version available | v3.8.0 |
| Returned Status Codes | 400 - Bad Request |
Summary
Applications processing XML requests are susceptible to attacks characterized by unusual inflation of elements, attributes, and nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic increases in the size of the application data often signal a security problem. The XML Threat Protection policy helps protect your applications from such intrusions.
If you find that attacks on your Anypoint Platform setup are difficult to detect, design your services architecture with layers of protection in addition to XML Threat Protection.
Configuring Policy Parameters
Flex Gateway Local Mode
The XML Threat Protection policy is not supported in Flex Gateway Local Mode.
Flex Gateway Connected Mode
The XML Threat Protection policy is not supported in Flex Gateway Connected Mode.
Mule Gateway
When you apply the XML Threat Protection policy to your API from the UI, the following parameters are displayed:
| Field | Description | Default | Required |
| --- | --- | --- | --- |
| Maximum Node Depth | Specifies the maximum node depth of an XML document. | -1 | false |
| Maximum Attribute Count Per Element | Specifies the maximum number of attributes in an element. Note that attributes used for defining namespaces are not counted. | -1 | false |
| Maximum Child Count | Specifies the maximum number of children of an element in the XML document. | -1 | false |
| Maximum Text Length | Specifies the maximum length (in characters) of text nodes in the XML document. | -1 | false |
| Maximum Attribute Length | Specifies the maximum length (in characters) of an attribute in the XML document. | -1 | false |
| Maximum Comment Length | Specifies the maximum number of comment characters in the XML document. | -1 | false |

A value of -1 indicates that the field value has no limits.
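
The six limits above can be enforced while the document is still being parsed, so an oversized request is rejected before it is fully read. The following is an added illustration, not MuleSoft's implementation or code from this page: `check_xml` and the `max_*` names are hypothetical, and it assumes attribute length is measured on the value, comment length per comment, and that only element children count toward the child limit.

```python
import xml.parsers.expat

# Hypothetical names for the six policy fields; -1 means "no limit".
FIELDS = ("max_node_depth", "max_attribute_count", "max_child_count",
          "max_text_length", "max_attribute_length", "max_comment_length")
# Constructed sample request body.
SAMPLE = ('<order xmlns:a="urn:x" id="42"><!-- note -->'
          '<item>abc</item><item>de</item></order>')

class LimitExceeded(Exception):
    """Raised from a parser callback to stop parsing at the first violation."""

def check_xml(data, **limits):
    """Return the name of the first limit exceeded, or None if within limits."""
    cfg = {name: limits.get(name, -1) for name in FIELDS}
    children = []    # child-element count per open element; len() is the depth
    text_len = [0]   # running length of the current text node

    def over(name, value):
        if cfg[name] != -1 and value > cfg[name]:
            raise LimitExceeded(name)

    def start(tag, attrs):
        text_len[0] = 0
        if children:
            children[-1] += 1
            over("max_child_count", children[-1])
        children.append(0)
        over("max_node_depth", len(children))
        # Namespace declarations are not counted, as the policy table notes.
        real = [v for k, v in attrs.items()
                if k != "xmlns" and not k.startswith("xmlns:")]
        over("max_attribute_count", len(real))
        for value in real:
            over("max_attribute_length", len(value))  # assumption: value only

    def end(tag):
        text_len[0] = 0
        children.pop()

    def text(chunk):
        text_len[0] += len(chunk)  # expat may deliver one text node in pieces
        over("max_text_length", text_len[0])

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler, parser.EndElementHandler = start, end
    parser.CharacterDataHandler = text
    parser.CommentHandler = lambda body: over("max_comment_length", len(body))
    try:
        parser.Parse(data, True)
    except LimitExceeded as exc:
        return exc.args[0]
    return None
```

A non-`None` result corresponds to the case where the policy answers with 400 - Bad Request; malformed XML raises `ExpatError` to the caller.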