JSON Protection Checks

Citrix Web App Firewall protects your JSON applications from content-level DoS, SQL, or cross-site scripting attacks. When a JSON request carries a DoS, SQL, or cross-site scripting attack, you must protect your application by configuring limits on JSON structures such as arrays and strings.

Note:

The JSON security checks apply only to content that is sent with a JSON content-type header. If the content-type header is missing, or is set to a different value, all JSON security checks are bypassed. If you want to protect your JSON applications, the webmasters of each web server that hosts those applications must ensure a proper JSON content-type header is sent.

The learning feature is not supported for JSON SQL, cross-site scripting, and DoS content types.
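The content-type dependency in the note above can be audited from the application side. The following Python sketch is an added example, not Citrix code: it flags requests whose body parses as JSON but whose Content-Type header would cause the JSON checks to be skipped. It assumes `application/json` is the only media type treated as JSON; the function names and sample requests are constructed for illustration.

```python
import json

# Assumption: only this media type is treated as JSON by the firewall profile.
JSON_MEDIA_TYPES = {"application/json"}

def media_type(content_type):
    """Return the lowercased media type without parameters, or '' if absent."""
    if not content_type:
        return ""
    return content_type.split(";", 1)[0].strip().lower()

def looks_like_json(body):
    """True if the body parses as a JSON object or array."""
    try:
        return isinstance(json.loads(body), (dict, list))
    except (ValueError, TypeError):
        return False

def classify(content_type, body):
    """Classify one request by whether the JSON checks would see it."""
    if media_type(content_type) in JSON_MEDIA_TYPES:
        return "inspected"        # header matches, JSON checks apply
    if looks_like_json(body):
        return "json-unchecked"   # JSON payload, but the checks are bypassed
    return "not-json"

# Constructed sample requests: (path, Content-Type header, body)
SAMPLES = [
    ("/api/orders", "application/json; charset=utf-8", '{"id": 7}'),
    ("/api/orders", "text/plain", '{"id": 7}'),
    ("/api/items", None, "[1, 2, 3]"),
    ("/login", "application/x-www-form-urlencoded", "user=a&pw=b"),
]

def audit(samples):
    """Return (path, verdict) for every sample request."""
    return [(path, classify(ct, body)) for path, ct, body in samples]

def unchecked_paths(samples):
    """Paths that received JSON without a JSON content-type header."""
    return sorted({p for p, v in audit(samples) if v == "json-unchecked"})

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES):
        print(f"{verdict:15} {path}")
```

Endpoints reported as `json-unchecked` are the ones where the application should reject the request or the sender should be fixed to set a proper JSON content-type header.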
