
The Regex (Regular Expression) Protection policy extracts information from a message (for example, URI Path, Query Param, Header, Form Param, Variable, XML Payload, or JSON Payload) and evaluates it against predefined regular expressions. If the specified patterns are matched, the request is considered a threat and is rejected.

Configuration

The properties that have to be configured to use the policy are described below.



Figure 1: Regex Protection Policy Configuration attributes

| Property | Description |
| --- | --- |
| Ignore Unresolved Variables | If any of the variables used in the configuration are not present in the incoming message, this property determines whether the condition is ignored or treated as an error. When enabled, the flow continues as usual. Otherwise, an error is sent back to the client reporting that the property is missing. |
| Check URI Path | Enable if information needs to be retrieved from the request URI path and matched with the regular expressions provided. |
| URI Path Pattern | Provides the regular expressions against which information extracted from the URI path is evaluated. Enable this property to add the pattern using the Add button. |
| Is XML Payload | Enable if information needs to be retrieved from an XML payload and matched with the regular expression provided. |
| XML Payload Namespaces | Adds the XML namespaces to be used in the XPath evaluation. Enable this property to add the pattern using the Add button. |
| XPath Expression | Specifies the XPath expression for the variable. |
| XPath Type | The datatype for the XPath. |
| XPath Pattern | Adds regular expression patterns. Click the Add button to add patterns. |
| Is JSON Payload | Enable if information needs to be retrieved from a JSON payload and matched with the regular expression provided. |
| JSON Path Expression | Specifies the JSON expression for the variable. |
| JSON Path Pattern | Adds regular expression patterns. Click the Add button to add patterns. |
| Variable | Adds additional variables. |

Example

The request URL used in this example is the following:

The request body should be like:

Configure Regex Protection policy for this project as shown below:

Figure 2: Regex Protection policy properties with values provided

The JSON Path Expression $.name points to the name field of the JSON sent in the request body, which is "JOHN". The JSON Path Pattern [A-Z]*$ matches any string that consists of uppercase letters only. Hence, the above JSON input is considered a threat and the request is rejected.


Figure 3: Error message of failed Regex Protection policy


In the same way, regular expression patterns can be set for Header, Form Params and Variables. 
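An added example, not part of the original page or the product's own code: a small Python model of the $.name check above, showing that the pattern [A-Z]*$ means "uppercase only" only when the engine matches the whole value; if it searches for a match anywhere, the same pattern also matches "john" through an empty match at the end, while an anchored pattern such as ^[A-Z]+$ behaves the same in both cases. The function names, the two matching modes and the reject-on-any-match rule are assumptions, and the request bodies are constructed.

```python
import json
import re

def extract(body, path):
    """Resolve a simple '$.a.b' JSON path (dotted keys only); None if unresolved."""
    node = json.loads(body)
    keys = path[2:] if path.startswith("$.") else path
    for key in keys.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def evaluate(body, path, patterns, mode="full", ignore_unresolved=True):
    """Return 'reject' when any pattern matches the extracted value.

    mode='full'   : the pattern must match the entire value
    mode='search' : a match anywhere in the value counts
    """
    value = extract(body, path)
    if value is None:
        # Mirrors "Ignore Unresolved Variables": continue, or report an error.
        return "allow" if ignore_unresolved else "error"
    matcher = re.fullmatch if mode == "full" else re.search
    hit = any(matcher(p, str(value)) for p in patterns)
    return "reject" if hit else "allow"

if __name__ == "__main__":
    # Constructed request bodies; only the "name" field comes from the page.
    upper = '{"name": "JOHN"}'
    lower = '{"name": "john"}'
    page_pattern = ["[A-Z]*$"]   # pattern used in the page's example
    anchored = ["^[A-Z]+$"]      # assumed stricter variant, anchored at both ends
    for mode in ("full", "search"):
        for body in (upper, lower):
            print(mode, body,
                  "page:", evaluate(body, "$.name", page_pattern, mode),
                  "anchored:", evaluate(body, "$.name", anchored, mode))
```

Running a pattern against a few known-good and known-bad values like this before deploying it shows whether the policy rejects what was intended and nothing else.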
