JSON content types
By default, the Web App Firewall treats files with the content type “application/json” as JSON files. The default setting enables the Web App Firewall to recognize JSON content in requests and responses, and to handle that content appropriately.
You can configure the Web App Firewall to examine web content for additional strings or patterns that indicate JSON content. This ensures that the Web App Firewall recognizes all JSON content on your site, even content that does not follow normal JSON naming conventions, so that it is subjected to JSON security checks.
To configure the JSON content types, you add the appropriate patterns to the JSON Content Types list. You can enter a content type as a string, or you can enter a PCRE-compatible regular expression specifying one or more strings. You can also modify the existing JSON content types patterns.
To add a JSON content type pattern by using the command line interface
At the command prompt, type the following commands:
add appfw JSONContentType <JSONContenttypevalue> [-isRegex ( REGEX | NOTREGEX )]
save ns config
The following example adds the pattern .*/json to the JSON Content Types list and designates it as a regular expression.
add appfw JSONContentType ".*/json" -isRegex REGEX
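As an added example, not part of the product or its documentation: a Python check that compares Content-Type values seen in traffic against a copy of the JSON Content Types list and reports JSON-looking media types that no entry recognizes, rendered as literal-string entries in the CLI syntax shown above. The pattern list, the sample headers, and the matching semantics (parameters stripped, case-insensitive, regex matched against the whole media type, with Python's re standing in for PCRE) are assumptions; confirm the appliance's actual matching behavior before relying on the result.

```python
import re

# Constructed pattern list mirroring the JSON Content Types list:
# (value, is_regex). The first entry is the default named on this page,
# the second is the pattern from the CLI example above.
CONFIGURED = [("application/json", False), (".*/json", True)]

# Constructed Content-Type headers, as they might appear in traffic logs.
OBSERVED = [
    "application/json; charset=utf-8",
    "text/json",
    "application/vnd.api+json",
    "Application/Problem+JSON",
    "text/html; charset=utf-8",
    "application/x-json",
]

def media_type(header):
    """Return the lowercased type/subtype, dropping parameters such as charset."""
    return header.split(";", 1)[0].strip().lower()

def is_covered(mtype, patterns=CONFIGURED):
    """Assumed semantics: literal = exact match, regex = whole-string match."""
    for value, is_regex in patterns:
        if is_regex and re.fullmatch(value, mtype, re.IGNORECASE):
            return True
        if not is_regex and value.lower() == mtype:
            return True
    return False

def looks_like_json(mtype):
    """Heuristic: subtype is json, ends in +json (RFC 6839), or is x-json."""
    subtype = mtype.partition("/")[2]
    return subtype in ("json", "x-json") or subtype.endswith("+json")

def coverage_gaps(headers=OBSERVED, patterns=CONFIGURED):
    """JSON-looking media types that no configured pattern recognizes."""
    types = {media_type(h) for h in headers}
    return sorted(t for t in types if looks_like_json(t) and not is_covered(t, patterns))

def suggested_commands(gaps):
    """Render each gap as a literal-string entry in the page's CLI syntax."""
    return [f'add appfw JSONContentType "{g}" -isRegex NOTREGEX' for g in gaps]

if __name__ == "__main__":
    for cmd in suggested_commands(coverage_gaps()):
        print(cmd)
```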
To configure the JSON content type list by using the GUI
- Navigate to Security > Application Firewall.
- In the details pane, under Settings, click Manage JSON Content Types.
- In the Manage JSON Content Types dialog box, do one of the following:
  - To add a new JSON content type, click Add.
  - To modify an existing JSON content type, select that type and then click Edit. The Configure Web App Firewall JSON Content Type dialog appears. Note: If you select an existing JSON content type pattern and then click Add, the dialog box displays the information for that JSON content type pattern. You can modify that information to create your new JSON content type pattern.
- In the dialog box, fill out the elements. They are:
  - IsRegex. Select or clear to enable PCRE-format regular expressions in the form field name.
  - JSON Content Type. Enter a literal string or PCRE-format regular expression that matches the JSON content type pattern that you want to add.
- Click Create or OK.
- To remove a JSON content type pattern from the list, select it, click Remove, and then click OK to confirm your choice.
- When you have finished adding and removing JSON content type patterns, click Close.