Contents

Popular
 Contents

Regex (Regular Expression) Protection policy extracts information from a message (for example, URI Path, Query Param, Header, Form Param, Variable, XML Payload, or JSON Payload) and evaluates the data against predefined regular expressions and rejects the message that is considered as a threat.

Configuration

The properties that have to be configured to use the policy are described below.


Figure 1: Regex Protection Policy Configuration attributes

PropertyDescription
Source Message

The message from which information needs to be extracted.

URI Path Pattern

Provides the regular expressions against which information extracted from the URI path needs to be evaluated.

Enable this property to add the pattern using Add button.

Query Param

Specifies that information needs to be extracted from the request query parameter and evaluated against the regular expressions provided.

Query Param PatternProvides the regular expressions against which information extracted from the request query parameter needs to be evaluated.
HeaderSpecifies that information needs to be extracted from the headers (request and response) and evaluated against the regular expressions provided.
Header PatternProvides the regular expressions against which information extracted from the request and response headers needs to be evaluated.
Form ParamSpecifies that information needs to be extracted from the request form parameter and evaluated against the regular expressions provided.
Form Param PatternProvides the regular expressions against which information extracted from the request form parameter needs to be evaluated.
VariableSpecifies that information needs to be extracted from the given variable and evaluated against the regular expressions provided.
Variable Param PatternProvides the regular expressions against which information extracted from the given variable needs to be evaluated.

Example

The request URL used in this example is the following:

http://192.168.2.39:1860/wsstub/1.0/gettripprice?adults=adu&duration=dur&from=fro&rooms=roo&to=to

The response for this request (when there is no Regex Protection policy added) is as shown below:

{"Envelope": {"Body": {"getTripPriceResponse": {"return": "dur"}}}}

Configure Regex Protection policy for this project as shown below:


Figure 2:Regex Protection policy properties with values provided in the Example

The Query Parameter used, 'duration', is one of the parameters. The Query Parameters pattern [a-zA-Z]+[ a-zA-Z-_]* matches first Alpha character and followed by any number of Characters/Spaces/Hyphens/Underscore.

If the duration parameter is set to any value which matches the pattern set, then it will be treated as threat.

Send the above request after adding the policy to the Proxy Request.

It will be considered as a threat and will be rejected; the error output looks as below:

{

  "ErrorMessage" : "Regular Expression Threat Detected",

  "ErrorCode" : "Threat Detected",

  "MoreInfo" : "Policy Name - Regex, Type - REGEX_PROTECTION"

}

Icon

In the same way, regular expression patterns can be set for Header, Form Params and Variables. 

Adaptavist ThemeBuilder EngineAtlassian Confluence