{ "policy" : { "antivirus" : { "inspectHttpUploads" : false }, "applicationLanguage" : "utf-8", "behavioral-enforcement" : { "behavioralEnforcementViolations" : [ { "name" : "VIOL_CONVICTION" }, { "name" : "VIOL_THREAT_ANALYSIS" }, { "name" : "VIOL_BLOCKING_CONDITION" }, { "name" : "VIOL_THREAT_CAMPAIGN" }, { "name" : "VIOL_BLACKLISTED_IP" }, { "name" : "VIOL_GEOLOCATION" } ], "enableBehavioralEnforcement" : false, "enableBlockingCveSignatures" : true, "enableBlockingHighAccuracySignatures" : true, "enableBlockingLikelyMaliciousTransactions" : true, "enableBlockingSuspiciousTransactions" : false, "enableBlockingViolations" : true }, "blocking-settings" : { "evasions" : [ { "description" : "Bad unescape", "enabled" : false, "learn" : true }, { "description" : "Apache whitespace", "enabled" : false, "learn" : true }, { "description" : "Bare byte decoding", "enabled" : false, "learn" : true }, { "description" : "IIS Unicode codepoints", "enabled" : false, "learn" : true }, { "description" : "IIS backslashes", "enabled" : false, "learn" : true }, { "description" : "%u decoding", "enabled" : false, "learn" : true }, { "description" : "Multiple decoding", "enabled" : false, "learn" : true, "maxDecodingPasses" : 3 }, { "description" : "Directory traversals", "enabled" : false, "learn" : true } ], "http-protocols" : [ { "description" : "Multiple host headers", "enabled" : false, "learn" : true }, { "description" : "Check maximum number of parameters", "enabled" : false, "learn" : true, "maxParams" : 500 }, { "description" : "Bad host header value", "enabled" : false, "learn" : true }, { "description" : "Check maximum number of headers", "enabled" : false, "learn" : true, "maxHeaders" : 30 }, { "description" : "Unparsable request content", "enabled" : true }, { "description" : "High ASCII characters in headers", "enabled" : false, "learn" : false }, { "description" : "Null in request", "enabled" : true }, { "description" : "Bad HTTP version", "enabled" : true }, { 
"description" : "Content length should be a positive number", "enabled" : false, "learn" : true }, { "description" : "Host header contains IP address", "enabled" : false, "learn" : false }, { "description" : "CRLF characters before request start", "enabled" : false, "learn" : true }, { "description" : "No Host header in HTTP/1.1 request", "enabled" : false, "learn" : true }, { "description" : "Bad multipart parameters parsing", "enabled" : false, "learn" : true }, { "description" : "Bad multipart/form-data request parsing", "enabled" : false, "learn" : true }, { "description" : "Body in GET or HEAD requests", "enabled" : false, "learn" : false }, { "description" : "Chunked request with Content-Length header", "enabled" : false, "learn" : true }, { "description" : "Several Content-Length headers", "enabled" : true, "learn" : true }, { "description" : "Header name with no header value", "enabled" : false, "learn" : true }, { "description" : "POST request with Content-Length: 0", "enabled" : false, "learn" : false } ], "violations" : [ { "alarm" : true, "block" : true, "description" : "GraphQL introspection query", "name" : "VIOL_GRAPHQL_INTROSPECTION_QUERY" }, { "alarm" : true, "block" : true, "description" : "GraphQL data does not comply with format settings", "learn" : true, "name" : "VIOL_GRAPHQL_FORMAT" }, { "alarm" : true, "block" : true, "description" : "Malformed GraphQL data", "learn" : true, "name" : "VIOL_GRAPHQL_MALFORMED" }, { "alarm" : true, "block" : true, "description" : "Disallowed file upload content detected in body", "name" : "VIOL_FILE_UPLOAD_IN_BODY" }, { "alarm" : false, "block" : false, "description" : "Violation Rating Need Examination detected", "name" : "VIOL_RATING_NEED_EXAMINATION" }, { "alarm" : false, "block" : false, "description" : "Violation Rating Threat detected", "name" : "VIOL_RATING_THREAT" }, { "alarm" : true, "block" : true, "description" : "Illegal repeated header", "learn" : true, "name" : "VIOL_HEADER_REPEATED" }, { "alarm" 
: false, "block" : false, "description" : "Mandatory request body is missing", "name" : "VIOL_MANDATORY_REQUEST_BODY" }, { "alarm" : true, "block" : true, "description" : "Bad Actor Convicted", "name" : "VIOL_CONVICTION" }, { "alarm" : false, "block" : false, "description" : "Illegal host name", "name" : "VIOL_HOSTNAME" }, { "alarm" : true, "block" : true, "description" : "Leaked Credentials Detection", "name" : "VIOL_LEAKED_CREDENTIALS" }, { "alarm" : true, "block" : true, "description" : "Mitigation action determined by Threat Analysis Platform", "name" : "VIOL_THREAT_ANALYSIS" }, { "alarm" : true, "block" : true, "description" : "Blocking Condition Detected", "name" : "VIOL_BLOCKING_CONDITION" }, { "alarm" : true, "block" : true, "description" : "Bad Actor Detected", "name" : "VIOL_MALICIOUS_DEVICE" }, { "alarm" : true, "block" : true, "description" : "Illegal parameter location", "name" : "VIOL_PARAMETER_LOCATION" }, { "alarm" : false, "block" : false, "description" : "Mandatory parameter is missing", "name" : "VIOL_MANDATORY_PARAMETER" }, { "alarm" : true, "block" : true, "description" : "JSON data does not comply with JSON schema", "name" : "VIOL_JSON_SCHEMA" }, { "alarm" : false, "block" : false, "description" : "Illegal parameter array value", "name" : "VIOL_PARAMETER_ARRAY_VALUE" }, { "alarm" : true, "block" : true, "description" : "Threat Campaign detected", "name" : "VIOL_THREAT_CAMPAIGN" }, { "description" : "Attack signature detected", "name" : "VIOL_ATTACK_SIGNATURE" }, { "alarm" : true, "block" : true, "description" : "Server-side access to disallowed host", "name" : "VIOL_SERVER_SIDE_HOST" }, { "alarm" : false, "block" : false, "description" : "DataSafe Data Integrity", "name" : "VIOL_DATA_INTEGRITY" }, { "alarm" : true, "block" : true, "description" : "Host name mismatch", "name" : "VIOL_HOSTNAME_MISMATCH" }, { "alarm" : true, "block" : true, "description" : "IP is blacklisted", "name" : "VIOL_BLACKLISTED_IP" }, { "alarm" : false, "block" : false, 
"description" : "Plain text data does not comply with format settings", "learn" : false, "name" : "VIOL_PLAINTEXT_FORMAT" }, { "alarm" : true, "block" : true, "description" : "Illegal WebSocket binary message length", "learn" : true, "name" : "VIOL_WEBSOCKET_BINARY_MESSAGE_LENGTH" }, { "alarm" : true, "block" : true, "description" : "Illegal number of frames per message", "learn" : true, "name" : "VIOL_WEBSOCKET_FRAMES_PER_MESSAGE_COUNT" }, { "alarm" : true, "block" : true, "description" : "Illegal WebSocket extension", "learn" : true, "name" : "VIOL_WEBSOCKET_EXTENSION" }, { "alarm" : false, "block" : false, "description" : "Binary content found in text only WebSocket", "learn" : false, "name" : "VIOL_WEBSOCKET_BINARY_MESSAGE_NOT_ALLOWED" }, { "alarm" : false, "block" : false, "description" : "Text content found in binary only WebSocket", "learn" : false, "name" : "VIOL_WEBSOCKET_TEXT_MESSAGE_NOT_ALLOWED" }, { "alarm" : false, "block" : false, "description" : "Illegal cross-origin request", "learn" : false, "name" : "VIOL_CROSS_ORIGIN_REQUEST" }, { "alarm" : true, "block" : true, "description" : "Null character found in WebSocket text message", "name" : "VIOL_WEBSOCKET_TEXT_NULL_VALUE" }, { "alarm" : true, "block" : true, "description" : "Illegal WebSocket frame length", "learn" : true, "name" : "VIOL_WEBSOCKET_FRAME_LENGTH" }, { "alarm" : false, "block" : false, "description" : "Mask not found in client frame", "learn" : true, "name" : "VIOL_WEBSOCKET_FRAME_MASKING" }, { "alarm" : false, "block" : false, "description" : "Failure in WebSocket framing protocol", "learn" : true, "name" : "VIOL_WEBSOCKET_FRAMING_PROTOCOL" }, { "alarm" : false, "block" : false, "description" : "Bad WebSocket handshake request", "learn" : true, "name" : "VIOL_WEBSOCKET_BAD_REQUEST" }, { "alarm" : true, "block" : true, "description" : "Illegal redirection attempt", "learn" : true, "name" : "VIOL_REDIRECT" }, { "alarm" : true, "block" : true, "description" : "Mandatory HTTP header is 
missing", "learn" : true, "name" : "VIOL_MANDATORY_HEADER" }, { "alarm" : false, "block" : false, "description" : "GWT data does not comply with format settings", "learn" : false, "name" : "VIOL_GWT_FORMAT" }, { "alarm" : true, "block" : true, "description" : "Illegal Base64 value", "learn" : true, "name" : "VIOL_PARAMETER_VALUE_BASE64" }, { "alarm" : true, "block" : true, "description" : "Access from malicious IP address", "name" : "VIOL_MALICIOUS_IP" }, { "alarm" : true, "block" : true, "description" : "Disallowed file upload content detected", "learn" : true, "name" : "VIOL_FILE_UPLOAD" }, { "alarm" : false, "block" : false, "description" : "Malformed GWT data", "learn" : false, "name" : "VIOL_GWT_MALFORMED" }, { "alarm" : false, "block" : false, "description" : "Illegal meta character in header", "learn" : false, "name" : "VIOL_HEADER_METACHAR" }, { "alarm" : false, "block" : false, "description" : "Illegal request content type", "learn" : false, "name" : "VIOL_URL_CONTENT_TYPE" }, { "alarm" : true, "block" : true, "description" : "Illegal HTTP status in response", "learn" : true, "name" : "VIOL_HTTP_RESPONSE_STATUS" }, { "alarm" : true, "block" : true, "description" : "Modified ASM cookie", "learn" : true, "name" : "VIOL_ASM_COOKIE_MODIFIED" }, { "alarm" : false, "block" : false, "description" : "Modified domain cookie(s)", "learn" : false, "name" : "VIOL_COOKIE_MODIFIED" }, { "alarm" : true, "block" : true, "description" : "Cookie not RFC-compliant", "learn" : true, "name" : "VIOL_COOKIE_MALFORMED" }, { "alarm" : true, "block" : true, "description" : "Malformed JSON data", "learn" : true, "name" : "VIOL_JSON_MALFORMED" }, { "alarm" : false, "block" : false, "description" : "Illegal entry point", "learn" : false, "name" : "VIOL_FLOW_ENTRY_POINT" }, { "alarm" : true, "block" : true, "description" : "Access from disallowed User/Session/IP/Device ID", "name" : "VIOL_SESSION_AWARENESS" }, { "alarm" : false, "block" : false, "description" : "ASM Cookie Hijacking", 
"learn" : false, "name" : "VIOL_ASM_COOKIE_HIJACKING" }, { "alarm" : false, "block" : false, "description" : "Expired timestamp", "learn" : false, "name" : "VIOL_COOKIE_EXPIRED" }, { "alarm" : false, "block" : false, "description" : "Illegal static parameter value", "learn" : false, "name" : "VIOL_PARAMETER_STATIC_VALUE" }, { "alarm" : false, "block" : false, "description" : "Illegal dynamic parameter value", "learn" : false, "name" : "VIOL_PARAMETER_DYNAMIC_VALUE" }, { "alarm" : false, "block" : false, "description" : "Illegal parameter value length", "learn" : false, "name" : "VIOL_PARAMETER_VALUE_LENGTH" }, { "alarm" : false, "block" : false, "description" : "Illegal parameter data type", "learn" : false, "name" : "VIOL_PARAMETER_DATA_TYPE" }, { "alarm" : false, "block" : false, "description" : "Illegal parameter numeric value", "learn" : false, "name" : "VIOL_PARAMETER_NUMERIC_VALUE" }, { "alarm" : false, "block" : false, "description" : "Illegal number of mandatory parameters", "learn" : false, "name" : "VIOL_FLOW_MANDATORY_PARAMS" }, { "alarm" : false, "block" : false, "description" : "Parameter value does not comply with regular expression", "learn" : false, "name" : "VIOL_PARAMETER_VALUE_REGEXP" }, { "alarm" : true, "block" : true, "description" : "Illegal file type", "learn" : true, "name" : "VIOL_FILETYPE" }, { "alarm" : false, "block" : false, "description" : "Illegal URL", "learn" : false, "name" : "VIOL_URL" }, { "alarm" : false, "block" : false, "description" : "Illegal flow to URL", "learn" : false, "name" : "VIOL_FLOW" }, { "alarm" : true, "block" : true, "description" : "Illegal method", "learn" : true, "name" : "VIOL_METHOD" }, { "alarm" : false, "block" : false, "description" : "Illegal session ID in URL", "learn" : false, "name" : "VIOL_DYNAMIC_SESSION" }, { "alarm" : false, "block" : false, "description" : "Illegal query string or POST data", "learn" : false, "name" : "VIOL_FLOW_DISALLOWED_INPUT" }, { "alarm" : false, "block" : false, 
"description" : "Illegal parameter", "learn" : false, "name" : "VIOL_PARAMETER" }, { "alarm" : false, "block" : false, "description" : "Illegal empty parameter value", "learn" : false, "name" : "VIOL_PARAMETER_EMPTY_VALUE" }, { "alarm" : true, "block" : true, "description" : "Illegal POST data length", "learn" : true, "name" : "VIOL_POST_DATA_LENGTH" }, { "alarm" : false, "block" : false, "description" : "Null in multi-part parameter value", "learn" : false, "name" : "VIOL_PARAMETER_MULTIPART_NULL_VALUE" }, { "alarm" : false, "block" : false, "description" : "Illegal header length", "learn" : true, "name" : "VIOL_HEADER_LENGTH" }, { "alarm" : false, "block" : false, "description" : "JSON data does not comply with format settings", "learn" : false, "name" : "VIOL_JSON_FORMAT" }, { "alarm" : false, "block" : false, "description" : "Illegal repeated parameter name", "learn" : false, "name" : "VIOL_PARAMETER_REPEATED" }, { "alarm" : false, "block" : false, "description" : "Illegal meta character in URL", "learn" : false, "name" : "VIOL_URL_METACHAR" }, { "alarm" : false, "block" : false, "description" : "Illegal meta character in parameter name", "learn" : false, "name" : "VIOL_PARAMETER_NAME_METACHAR" }, { "alarm" : false, "block" : false, "description" : "Illegal meta character in value", "learn" : false, "name" : "VIOL_PARAMETER_VALUE_METACHAR" }, { "alarm" : false, "block" : false, "description" : "SOAP method not allowed", "learn" : false, "name" : "VIOL_XML_SOAP_METHOD" }, { "alarm" : true, "block" : true, "description" : "Brute Force: Maximum login attempts are exceeded", "name" : "VIOL_BRUTE_FORCE" }, { "alarm" : true, "block" : true, "description" : "CSRF authentication expired", "learn" : true, "name" : "VIOL_CSRF_EXPIRED" }, { "alarm" : true, "block" : true, "description" : "Illegal URL length", "learn" : true, "name" : "VIOL_URL_LENGTH" }, { "alarm" : false, "block" : false, "description" : "Illegal cookie length", "learn" : true, "name" : 
"VIOL_COOKIE_LENGTH" }, { "alarm" : true, "block" : true, "description" : "Illegal request length", "learn" : true, "name" : "VIOL_REQUEST_LENGTH" }, { "alarm" : true, "block" : true, "description" : "Illegal query string length", "learn" : true, "name" : "VIOL_QUERY_STRING_LENGTH" }, { "alarm" : true, "block" : true, "description" : "Access from disallowed Geolocation", "learn" : true, "name" : "VIOL_GEOLOCATION" }, { "alarm" : true, "block" : true, "description" : "HTTP protocol compliance failed", "learn" : true, "name" : "VIOL_HTTP_PROTOCOL" }, { "alarm" : true, "block" : true, "description" : "Failed to convert character", "name" : "VIOL_ENCODING" }, { "alarm" : true, "block" : true, "description" : "CSRF attack detected", "name" : "VIOL_CSRF" }, { "alarm" : true, "block" : true, "description" : "Malformed XML data", "learn" : true, "name" : "VIOL_XML_MALFORMED" }, { "alarm" : false, "block" : false, "description" : "XML data does not comply with schema or WSDL document", "learn" : false, "name" : "VIOL_XML_SCHEMA" }, { "alarm" : false, "block" : false, "description" : "XML data does not comply with format settings", "learn" : false, "name" : "VIOL_XML_FORMAT" }, { "alarm" : false, "block" : false, "description" : "Web Services Security failure", "learn" : false, "name" : "VIOL_XML_WEB_SERVICES_SECURITY" }, { "alarm" : true, "block" : true, "description" : "Evasion technique detected", "learn" : true, "name" : "VIOL_EVASION" }, { "alarm" : false, "block" : false, "description" : "Virus detected", "learn" : false, "name" : "VIOL_VIRUS" }, { "alarm" : false, "block" : false, "description" : "Request length exceeds defined buffer size", "learn" : true, "name" : "VIOL_REQUEST_MAX_LENGTH" }, { "alarm" : false, "block" : false, "description" : "Login URL bypassed", "learn" : false, "name" : "VIOL_LOGIN_URL_BYPASSED" }, { "alarm" : false, "block" : false, "description" : "Login URL expired", "learn" : false, "name" : "VIOL_LOGIN_URL_EXPIRED" }, { "alarm" : true, 
"block" : true, "description" : "Data Guard: Information leakage detected", "learn" : true, "name" : "VIOL_DATA_GUARD" }, { "alarm" : false, "block" : false, "description" : "Illegal attachment in SOAP message", "learn" : false, "name" : "VIOL_XML_SOAP_ATTACHMENT" } ], "web-services-securities" : [ { "description" : "UnSigned Timestamp", "enabled" : false, "learn" : true }, { "description" : "Timestamp expiration is too far in the future", "enabled" : false, "learn" : true }, { "description" : "Expired Timestamp", "enabled" : false, "learn" : true }, { "description" : "Invalid Timestamp", "enabled" : false, "learn" : true }, { "description" : "Missing Timestamp", "enabled" : false, "learn" : true }, { "description" : "Verification Error", "enabled" : false, "learn" : true }, { "description" : "Signing Error", "enabled" : false, "learn" : true }, { "description" : "Encryption Error", "enabled" : false, "learn" : true }, { "description" : "Decryption Error", "enabled" : false, "learn" : true }, { "description" : "Certificate Error", "enabled" : false, "learn" : true }, { "description" : "Certificate Expired", "enabled" : false, "learn" : true }, { "description" : "Malformed Error", "enabled" : false, "learn" : true }, { "description" : "Internal Error", "enabled" : false, "learn" : true } ] }, "brute-force-attack-preventions" : [ { "bruteForceProtectionForAllLoginPages" : false, "captchaBypassCriteria" : { "action" : "alarm-and-drop", "enabled" : true, "threshold" : 5 }, "clientSideIntegrityBypassCriteria" : { "action" : "alarm-and-captcha", "enabled" : true, "threshold" : 3 }, "detectionCriteria" : { "action" : "alarm-and-captcha", "credentialsStuffingMatchesReached" : 100, "detectCredentialsStuffingAttack" : true, "detectDistributedBruteForceAttack" : true, "failedLoginAttemptsRateReached" : 100 }, "leakedCredentialsCriteria" : { "action" : "alarm-and-blocking-page", "enabled" : false }, "loginAttemptsFromTheSameDeviceId" : { "action" : "alarm-and-captcha", 
"enabled" : false, "threshold" : 3 }, "loginAttemptsFromTheSameIp" : { "action" : "alarm-and-captcha", "enabled" : true, "threshold" : 20 }, "loginAttemptsFromTheSameUser" : { "action" : "alarm-and-captcha", "enabled" : true, "threshold" : 3 }, "measurementPeriod" : 900, "preventionDuration" : "3600", "reEnableLoginAfter" : 3600, "sourceBasedProtectionDetectionPeriod" : 3600 } ], "caseInsensitive" : false, "character-sets" : [ { "characterSet" : [ { "isAllowed" : false, "metachar" : "0x0" }, { "isAllowed" : false, "metachar" : "0x1" }, { "isAllowed" : false, "metachar" : "0x2" }, { "isAllowed" : false, "metachar" : "0x3" }, { "isAllowed" : false, "metachar" : "0x4" }, { "isAllowed" : false, "metachar" : "0x5" }, { "isAllowed" : false, "metachar" : "0x6" }, { "isAllowed" : false, "metachar" : "0x7" }, { "isAllowed" : false, "metachar" : "0x8" }, { "isAllowed" : false, "metachar" : "0x9" }, { "isAllowed" : true, "metachar" : "0xa" }, { "isAllowed" : false, "metachar" : "0xb" }, { "isAllowed" : false, "metachar" : "0xc" }, { "isAllowed" : true, "metachar" : "0xd" }, { "isAllowed" : false, "metachar" : "0xe" }, { "isAllowed" : false, "metachar" : "0xf" }, { "isAllowed" : false, "metachar" : "0x10" }, { "isAllowed" : false, "metachar" : "0x11" }, { "isAllowed" : false, "metachar" : "0x12" }, { "isAllowed" : false, "metachar" : "0x13" }, { "isAllowed" : false, "metachar" : "0x14" }, { "isAllowed" : false, "metachar" : "0x15" }, { "isAllowed" : false, "metachar" : "0x16" }, { "isAllowed" : false, "metachar" : "0x17" }, { "isAllowed" : false, "metachar" : "0x18" }, { "isAllowed" : false, "metachar" : "0x19" }, { "isAllowed" : false, "metachar" : "0x1a" }, { "isAllowed" : false, "metachar" : "0x1b" }, { "isAllowed" : false, "metachar" : "0x1c" }, { "isAllowed" : false, "metachar" : "0x1d" }, { "isAllowed" : false, "metachar" : "0x1e" }, { "isAllowed" : false, "metachar" : "0x1f" }, { "isAllowed" : true, "metachar" : "0x20" }, { "isAllowed" : true, "metachar" : "0x21" }, { 
"isAllowed" : true, "metachar" : "0x22" }, { "isAllowed" : true, "metachar" : "0x23" }, { "isAllowed" : true, "metachar" : "0x24" }, { "isAllowed" : true, "metachar" : "0x25" }, { "isAllowed" : true, "metachar" : "0x26" }, { "isAllowed" : true, "metachar" : "0x27" }, { "isAllowed" : true, "metachar" : "0x28" }, { "isAllowed" : true, "metachar" : "0x29" }, { "isAllowed" : true, "metachar" : "0x2a" }, { "isAllowed" : true, "metachar" : "0x2b" }, { "isAllowed" : true, "metachar" : "0x2c" }, { "isAllowed" : true, "metachar" : "0x2d" }, { "isAllowed" : true, "metachar" : "0x2e" }, { "isAllowed" : true, "metachar" : "0x2f" }, { "isAllowed" : true, "metachar" : "0x30" }, { "isAllowed" : true, "metachar" : "0x31" }, { "isAllowed" : true, "metachar" : "0x32" }, { "isAllowed" : true, "metachar" : "0x33" }, { "isAllowed" : true, "metachar" : "0x34" }, { "isAllowed" : true, "metachar" : "0x35" }, { "isAllowed" : true, "metachar" : "0x36" }, { "isAllowed" : true, "metachar" : "0x37" }, { "isAllowed" : true, "metachar" : "0x38" }, { "isAllowed" : true, "metachar" : "0x39" }, { "isAllowed" : true, "metachar" : "0x3a" }, { "isAllowed" : true, "metachar" : "0x3b" }, { "isAllowed" : true, "metachar" : "0x3c" }, { "isAllowed" : true, "metachar" : "0x3d" }, { "isAllowed" : true, "metachar" : "0x3e" }, { "isAllowed" : true, "metachar" : "0x3f" }, { "isAllowed" : true, "metachar" : "0x40" }, { "isAllowed" : true, "metachar" : "0x41" }, { "isAllowed" : true, "metachar" : "0x42" }, { "isAllowed" : true, "metachar" : "0x43" }, { "isAllowed" : true, "metachar" : "0x44" }, { "isAllowed" : true, "metachar" : "0x45" }, { "isAllowed" : true, "metachar" : "0x46" }, { "isAllowed" : true, "metachar" : "0x47" }, { "isAllowed" : true, "metachar" : "0x48" }, { "isAllowed" : true, "metachar" : "0x49" }, { "isAllowed" : true, "metachar" : "0x4a" }, { "isAllowed" : true, "metachar" : "0x4b" }, { "isAllowed" : true, "metachar" : "0x4c" }, { "isAllowed" : true, "metachar" : "0x4d" }, { "isAllowed" : true, 
"metachar" : "0x4e" }, { "isAllowed" : true, "metachar" : "0x4f" }, { "isAllowed" : true, "metachar" : "0x50" }, { "isAllowed" : true, "metachar" : "0x51" }, { "isAllowed" : true, "metachar" : "0x52" }, { "isAllowed" : true, "metachar" : "0x53" }, { "isAllowed" : true, "metachar" : "0x54" }, { "isAllowed" : true, "metachar" : "0x55" }, { "isAllowed" : true, "metachar" : "0x56" }, { "isAllowed" : true, "metachar" : "0x57" }, { "isAllowed" : true, "metachar" : "0x58" }, { "isAllowed" : true, "metachar" : "0x59" }, { "isAllowed" : true, "metachar" : "0x5a" }, { "isAllowed" : true, "metachar" : "0x5b" }, { "isAllowed" : true, "metachar" : "0x5c" }, { "isAllowed" : true, "metachar" : "0x5d" }, { "isAllowed" : true, "metachar" : "0x5e" }, { "isAllowed" : true, "metachar" : "0x5f" }, { "isAllowed" : true, "metachar" : "0x60" }, { "isAllowed" : true, "metachar" : "0x61" }, { "isAllowed" : true, "metachar" : "0x62" }, { "isAllowed" : true, "metachar" : "0x63" }, { "isAllowed" : true, "metachar" : "0x64" }, { "isAllowed" : true, "metachar" : "0x65" }, { "isAllowed" : true, "metachar" : "0x66" }, { "isAllowed" : true, "metachar" : "0x67" }, { "isAllowed" : true, "metachar" : "0x68" }, { "isAllowed" : true, "metachar" : "0x69" }, { "isAllowed" : true, "metachar" : "0x6a" }, { "isAllowed" : true, "metachar" : "0x6b" }, { "isAllowed" : true, "metachar" : "0x6c" }, { "isAllowed" : true, "metachar" : "0x6d" }, { "isAllowed" : true, "metachar" : "0x6e" }, { "isAllowed" : true, "metachar" : "0x6f" }, { "isAllowed" : true, "metachar" : "0x70" }, { "isAllowed" : true, "metachar" : "0x71" }, { "isAllowed" : true, "metachar" : "0x72" }, { "isAllowed" : true, "metachar" : "0x73" }, { "isAllowed" : true, "metachar" : "0x74" }, { "isAllowed" : true, "metachar" : "0x75" }, { "isAllowed" : true, "metachar" : "0x76" }, { "isAllowed" : true, "metachar" : "0x77" }, { "isAllowed" : true, "metachar" : "0x78" }, { "isAllowed" : true, "metachar" : "0x79" }, { "isAllowed" : true, "metachar" : "0x7a" 
}, { "isAllowed" : true, "metachar" : "0x7b" }, { "isAllowed" : true, "metachar" : "0x7c" }, { "isAllowed" : true, "metachar" : "0x7d" }, { "isAllowed" : true, "metachar" : "0x7e" }, { "isAllowed" : false, "metachar" : "0x7f" } ], "characterSetType" : "plain-text-content" } ], "cookie-settings" : { "maximumCookieHeaderLength" : "8192" }, "cookies" : [ { "accessibleOnlyThroughTheHttpProtocol" : false, "attackSignaturesCheck" : true, "enforcementType" : "allow", "insertSameSiteAttribute" : "none", "isBase64" : false, "maskValueInLogs" : false, "name" : "*", "performStaging" : true, "securedOverHttpsConnection" : false, "type" : "wildcard", "wildcardOrder" : 1 } ], "csrf-protection" : { "enabled" : false }, "csrf-urls" : [ { "enforcementAction" : "verify-csrf-token", "method" : "POST", "requiredParameters" : "ignore", "url" : "*", "wildcardOrder" : 1 } ], "data-guard" : { "enabled" : false, "enforcementMode" : "ignore-urls-in-list" }, "database-protection" : { "databaseProtectionEnabled" : false, "userSource" : "apm" }, "deception-settings" : { "enableCustomResponses" : false, "enableResponsePageByAttackType" : true, "serverTechnologyName" : "Nginx" }, "description" : "Fundamental Policy", "enablePassiveMode" : false, "enforcementMode" : "blocking", "filetypes" : [ { "allowed" : true, "checkPostDataLength" : true, "checkQueryStringLength" : true, "checkRequestLength" : true, "checkUrlLength" : true, "name" : "*", "performStaging" : true, "postDataLength" : 1000, "queryStringLength" : 1000, "requestLength" : 5000, "responseCheck" : false, "type" : "wildcard", "urlLength" : 100, "wildcardOrder" : 1 } ], "fullPath" : "/Common/scenario5", "general" : { "allowedResponseCodes" : [ 400, 401, 404, 407, 417, 503 ], "enableEventCorrelation" : true, "enforcementReadinessPeriod" : 7, "maskCreditCardNumbersInRequest" : true, "pathParameterHandling" : "as-parameters", "triggerAsmIruleEvent" : "disabled", "trustXff" : false, "useDynamicSessionIdInUrl" : false }, "graphql-profiles" : 
[ { "attackSignaturesCheck" : true, "defenseAttributes" : { "allowIntrospectionQueries" : false, "maximumBatchedQueries" : "any", "maximumStructureDepth" : "any", "maximumTotalLength" : "any", "maximumValueLength" : "any", "tolerateParsingWarnings" : true }, "description" : "Default GraphQL Profile", "metacharElementCheck" : true, "name" : "Default" } ], "gwt-profiles" : [ { "attackSignaturesCheck" : true, "defenseAttributes" : { "maximumTotalLengthOfGWTData" : 10000, "maximumValueLength" : 100, "tolerateGWTParsingWarnings" : true }, "description" : "Default GWT Profile", "metacharElementCheck" : true, "name" : "Default" } ], "header-settings" : { "maximumHttpHeaderLength" : "8192" }, "headers" : [ { "allowRepeatedOccurrences" : false, "base64Decoding" : false, "checkSignatures" : true, "htmlNormalization" : false, "mandatory" : false, "maskValueInLogs" : false, "name" : "transfer-encoding", "normalizationViolations" : true, "percentDecoding" : false, "type" : "explicit", "urlNormalization" : true }, { "allowRepeatedOccurrences" : true, "base64Decoding" : false, "checkSignatures" : true, "htmlNormalization" : false, "mandatory" : false, "maskValueInLogs" : false, "name" : "referer", "normalizationViolations" : true, "percentDecoding" : false, "type" : "explicit", "urlNormalization" : true }, { "allowRepeatedOccurrences" : true, "checkSignatures" : false, "mandatory" : false, "maskValueInLogs" : false, "name" : "cookie", "type" : "explicit" }, { "allowRepeatedOccurrences" : false, "base64Decoding" : false, "checkSignatures" : true, "htmlNormalization" : false, "mandatory" : false, "maskValueInLogs" : true, "name" : "authorization", "normalizationViolations" : false, "percentDecoding" : true, "type" : "explicit", "urlNormalization" : false }, { "allowRepeatedOccurrences" : true, "base64Decoding" : false, "checkSignatures" : true, "htmlNormalization" : false, "mandatory" : false, "maskValueInLogs" : false, "name" : "*", "normalizationViolations" : false, 
"percentDecoding" : true, "type" : "wildcard", "urlNormalization" : false, "wildcardOrder" : 1 } ], "ip-intelligence" : { "enabled" : false }, "json-profiles" : [ { "defenseAttributes" : { "maximumArrayLength" : "any", "maximumStructureDepth" : "any", "maximumTotalLengthOfJSONData" : "any", "maximumValueLength" : "any", "tolerateJSONParsingWarnings" : true }, "description" : "Default JSON Profile", "handleJsonValuesAsParameters" : true, "hasValidationFiles" : false, "name" : "Default", "validationFiles" : [] } ], "login-enforcement" : { "expirationTimePeriod" : "disabled" }, "methods" : [ { "actAsMethod" : "GET", "name" : "HEAD" }, { "actAsMethod" : "POST", "name" : "POST" }, { "actAsMethod" : "GET", "name" : "GET" } ], "name" : "scenario5", "parameters" : [ { "allowEmptyValue" : true, "allowRepeatedParameterName" : false, "attackSignaturesCheck" : true, "checkMaxValueLength" : false, "checkMetachars" : false, "isBase64" : false, "isCookie" : false, "isHeader" : false, "level" : "global", "metacharsOnParameterValueCheck" : false, "name" : "*", "parameterLocation" : "any", "performStaging" : true, "sensitiveParameter" : false, "type" : "wildcard", "valueType" : "auto-detect", "wildcardOrder" : 1 } ], "plain-text-profiles" : [ { "attackSignaturesCheck" : true, "defenseAttributes" : { "maximumLineLength" : "any", "maximumTotalLength" : "any", "performPercentDecoding" : false }, "description" : "Default Plain Text Profile", "metacharElementCheck" : false, "name" : "Default" } ], "policy-builder" : { "enableFullPolicyInspection" : true, "enableTrustedTrafficSiteChangeTracking" : true, "enableUntrustedTrafficSiteChangeTracking" : true, "inactiveEntityInactivityDurationInDays" : 90, "learnFromResponses" : false, "learnInactiveEntities" : true, "learnOnlyFromNonBotTraffic" : true, "learningMode" : "manual", "responseStatusCodes" : [ "1xx", "2xx", "3xx" ], "trafficTighten" : { "maxModificationSuggestionScore" : 50, "minDaysBetweenSamples" : 1, "totalRequests" : 15000 }, 
"trustAllIps" : false, "trustedTrafficLoosen" : { "differentSources" : 1, "maxDaysBetweenSamples" : 7, "minHoursBetweenSamples" : 0 }, "trustedTrafficSiteChangeTracking" : { "differentSources" : 1, "maxDaysBetweenSamples" : 7, "minMinutesBetweenSamples" : 0 }, "untrustedTrafficLoosen" : { "differentSources" : 20, "maxDaysBetweenSamples" : 7, "minHoursBetweenSamples" : 1 }, "untrustedTrafficSiteChangeTracking" : { "differentSources" : 10, "maxDaysBetweenSamples" : 7, "minMinutesBetweenSamples" : 20 } }, "policy-builder-central-configuration" : { "buildingMode" : "local", "eventCorrelationMode" : "local" }, "policy-builder-cookie" : { "collapseCookiesIntoOneEntity" : false, "enforceUnmodifiedCookies" : false, "learnExplicitCookies" : "selective", "maximumCookies" : 100 }, "policy-builder-filetype" : { "learnExplicitFiletypes" : "compact", "maximumFileTypes" : 50 }, "policy-builder-header" : { "maximumHosts" : 10000, "validHostNames" : true }, "policy-builder-parameter" : { "classifyParameters" : false, "collapseParameterOccurrences" : 10, "collapseParametersIntoOneEntity" : true, "dynamicParameters" : { "allHiddenFields" : false, "formParameters" : false, "linkParameters" : false, "uniqueValueSets" : 10 }, "learnExplicitParameters" : "selective", "maximumParameters" : 10000, "parameterLearningLevel" : "global", "parametersIntegerValue" : false }, "policy-builder-redirection-protection" : { "learnExplicitRedirectionDomains" : "always", "maximumRedirectionDomains" : 100 }, "policy-builder-server-technologies" : { "enableServerTechnologiesDetection" : true }, "policy-builder-sessions-and-logins" : { "learnLoginPage" : false }, "policy-builder-url" : { "classifyUrls" : false, "classifyWebsocketUrls" : false, "collapseUrlsIntoOneEntity" : false, "learnExplicitUrls" : "never", "learnExplicitWebsocketUrls" : "never", "learnMethodsOnUrls" : false, "maximumUrls" : 10000, "maximumWebsocketUrls" : 100, "wildcardUrlFiletypes" : [ "bmp", "gif", "ico", "jpeg", "jpg", "pcx", "pdf", 
"png", "swf", "wav" ] }, "protocolIndependent" : false, "redirection-protection" : { "redirectionDomains" : [ { "domainName" : "*", "type" : "wildcard", "wildcardOrder" : 1 } ], "redirectionProtectionEnabled" : true }, "redirection-protection-domains" : [ { "domainName" : "*", "type" : "wildcard", "wildcardOrder" : 1 } ], "response-pages" : [ { "responseActionType" : "default", "responsePageType" : "graphql" }, { "ajaxActionType" : "alert-popup", "ajaxPopupMessage" : "This username and password were found in the Leaked Credentials Database. They may be used by attackers to compromise your account. Please change your password.", "responsePageType" : "leaked-credentials-ajax" }, { "responseActionType" : "default", "responsePageType" : "leaked-credentials" }, { "ajaxActionType" : "alert-popup", "ajaxPopupMessage" : "Login Failed. Username or password is incorrect. Please try to log in again.", "responsePageType" : "failed-login-honeypot-ajax" }, { "responseActionType" : "default", "responsePageType" : "failed-login-honeypot" }, { "responseActionType" : "default", "responsePageType" : "captcha-fail" }, { "responseActionType" : "default", "responsePageType" : "captcha" }, { "responseActionType" : "default", "responsePageType" : "mobile" }, { "responseActionType" : "default", "responsePageType" : "persistent-flow" }, { "responseActionType" : "erase-cookies", "responsePageType" : "hijack" }, { "ajaxActionType" : "alert-popup", "ajaxPopupMessage" : "The requested URL was rejected. Please consult with your administrator. Your support ID is: <%TS.request.ID()%>", "responsePageType" : "ajax-login" }, { "ajaxActionType" : "alert-popup", "ajaxEnabled" : false, "ajaxPopupMessage" : "The requested URL was rejected. Please consult with your administrator. 
Your support ID is: <%TS.request.ID()%>", "responsePageType" : "ajax" }, { "responseActionType" : "soap-fault", "responsePageType" : "xml" }, { "responseActionType" : "default", "responsePageType" : "default" } ], "sensitive-parameters" : [ { "name" : "password" } ], "session-tracking" : { "delayBlocking" : {}, "sessionTrackingConfiguration" : { "enableSessionAwareness" : false, "enableTrackingSessionHijackingByDeviceId" : false } }, "signature-sets" : [ { "alarm" : true, "block" : true, "learn" : true, "name" : "Generic Detection Signatures" } ], "signature-settings" : { "attackSignatureFalsePositiveMode" : "disabled", "minimumAccuracyForAutoAddedSignatures" : "low", "placeSignaturesInStaging" : true, "signatureStaging" : true }, "softwareVersion" : "16.1.2", "template" : { "name" : "POLICY_TEMPLATE_FUNDAMENTAL" }, "threat-campaign-settings" : { "threatCampaignEnforcementReadinessPeriod" : 1, "threatCampaignStaging" : false }, "type" : "security", "urls" : [ { "attackSignaturesCheck" : true, "clickjackingProtection" : false, "description" : "", "disallowFileUploadOfExecutables" : false, "html5CrossOriginRequestsEnforcement" : { "enforcementMode" : "disabled" }, "isAllowed" : true, "mandatoryBody" : false, "metacharsOnUrlCheck" : false, "method" : "*", "methodsOverrideOnUrlCheck" : false, "name" : "*", "performStaging" : true, "protocol" : "http", "type" : "wildcard", "urlContentProfiles" : [ { "headerName" : "*", "headerOrder" : "default", "headerValue" : "*", "type" : "apply-value-and-content-signatures" }, { "headerName" : "Content-Type", "headerOrder" : "1", "headerValue" : "*form*", "type" : "form-data" }, { "contentProfile" : { "name" : "Default" }, "headerName" : "Content-Type", "headerOrder" : "2", "headerValue" : "*json*", "type" : "json" }, { "contentProfile" : { "name" : "Default" }, "headerName" : "Content-Type", "headerOrder" : "3", "headerValue" : "*xml*", "type" : "xml" } ], "wildcardIncludesSlash" : true, "wildcardOrder" : 2 }, { 
"attackSignaturesCheck" : true, "clickjackingProtection" : false, "description" : "", "disallowFileUploadOfExecutables" : false, "html5CrossOriginRequestsEnforcement" : { "enforcementMode" : "disabled" }, "isAllowed" : true, "mandatoryBody" : false, "metacharsOnUrlCheck" : false, "method" : "*", "methodsOverrideOnUrlCheck" : false, "name" : "*", "performStaging" : true, "protocol" : "https", "type" : "wildcard", "urlContentProfiles" : [ { "headerName" : "*", "headerOrder" : "default", "headerValue" : "*", "type" : "apply-value-and-content-signatures" }, { "headerName" : "Content-Type", "headerOrder" : "1", "headerValue" : "*form*", "type" : "form-data" }, { "contentProfile" : { "name" : "Default" }, "headerName" : "Content-Type", "headerOrder" : "2", "headerValue" : "*json*", "type" : "json" }, { "contentProfile" : { "name" : "Default" }, "headerName" : "Content-Type", "headerOrder" : "3", "headerValue" : "*xml*", "type" : "xml" } ], "wildcardIncludesSlash" : true, "wildcardOrder" : 1 } ], "websocket-urls" : [ { "allowBinaryMessage" : true, "allowJsonMessage" : true, "allowTextMessage" : true, "checkBinaryMessageMaxSize" : false, "checkMessageFrameMaxCount" : false, "checkMessageFrameMaxSize" : false, "checkPayload" : true, "description" : "", "html5CrossOriginRequestsEnforcement" : { "enforcementMode" : "disabled" }, "isAllowed" : true, "jsonProfile" : { "name" : "Default" }, "metacharsOnWebsocketUrlCheck" : false, "name" : "*", "performStaging" : true, "plainTextProfile" : { "name" : "Default" }, "protocol" : "ws", "type" : "wildcard", "unsupportedExtensions" : "remove", "wildcardIncludesSlash" : true, "wildcardOrder" : 2 }, { "allowBinaryMessage" : true, "allowJsonMessage" : true, "allowTextMessage" : true, "checkBinaryMessageMaxSize" : false, "checkMessageFrameMaxCount" : false, "checkMessageFrameMaxSize" : false, "checkPayload" : true, "description" : "", "html5CrossOriginRequestsEnforcement" : { "enforcementMode" : "disabled" }, "isAllowed" : true, 
"jsonProfile" : { "name" : "Default" }, "metacharsOnWebsocketUrlCheck" : false, "name" : "*", "performStaging" : true, "plainTextProfile" : { "name" : "Default" }, "protocol" : "wss", "type" : "wildcard", "unsupportedExtensions" : "remove", "wildcardIncludesSlash" : true, "wildcardOrder" : 1 } ], "xml-profiles" : [ { "attachmentsInSoapMessages" : false, "attackSignaturesCheck" : true, "defenseAttributes" : { "allowCDATA" : true, "allowDTDs" : true, "allowExternalReferences" : true, "allowProcessingInstructions" : true, "maximumAttributeValueLength" : "any", "maximumAttributesPerElement" : "any", "maximumChildrenPerElement" : "any", "maximumDocumentDepth" : "any", "maximumDocumentSize" : "any", "maximumElements" : "any", "maximumNSDeclarations" : "any", "maximumNameLength" : "any", "maximumNamespaceLength" : "any", "tolerateCloseTagShorthand" : true, "tolerateLeadingWhiteSpace" : true, "tolerateNumericNames" : true }, "description" : "Default XML Profile", "enableWss" : false, "followSchemaLinks" : false, "inspectSoapAttachments" : false, "metacharAttributeCheck" : false, "metacharElementCheck" : false, "name" : "Default", "useXmlResponsePage" : false, "validationFiles" : [], "validationSoapActionHeader" : false } ] }, "modifications" : [ { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "Directory traversals" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Check maximum number of parameters" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "No Host header in HTTP/1.1 request" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable enforcement of policy violation", "entity" : { "name" : 
"VIOL_HEADER_LENGTH" }, "entityChanges" : { "alarm" : true, "block" : true }, "entityType" : "violation" }, { "action" : "add-or-update", "description" : "Enable enforcement of policy violation", "entity" : { "name" : "VIOL_REQUEST_MAX_LENGTH" }, "entityChanges" : { "alarm" : true, "block" : true }, "entityType" : "violation" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Check maximum number of headers" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "Multiple decoding" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Bad multipart/form-data request parsing" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Bad multipart parameters parsing" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Multiple host headers" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Header name with no header value" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable enforcement of policy violation", "entity" : { "name" : "VIOL_COOKIE_LENGTH" }, "entityChanges" : { "alarm" : true, "block" : true }, "entityType" : "violation" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "Bad unescape" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", 
"description" : "Enable HTTP Check", "entity" : { "description" : "Chunked request with Content-Length header" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "%u decoding" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "Bare byte decoding" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "CRLF characters before request start" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "IIS Unicode codepoints" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Content length should be a positive number" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable HTTP Check", "entity" : { "description" : "Bad host header value" }, "entityChanges" : { "enabled" : true }, "entityType" : "http-protocol" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "Apache whitespace" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" }, { "action" : "add-or-update", "description" : "Enable Evasion Technique", "entity" : { "description" : "IIS backslashes" }, "entityChanges" : { "enabled" : true }, "entityType" : "evasion" } ] }