By default, the application firewall treats files with the content type "application/json" as JSON files.The default setting enables the application firewall to recognize JSON content in requests and responses, and to handle that content appropriately.
You can configure the application firewall to examine web content for additional strings or patterns that indicate that those files are JSON files. This can ensure that the application firewall recognizes all JSON content on your site, even if certain JSON content does not follow normal JSON naming conventions, ensuring that JSON content is subjected to JSON security checks.
To configure the JSON content types, you add the appropriate patterns to the JSON Content Types list. You can enter a content type as a string, or you can enter a PCRE-compatible regular expression specifying one or more strings. You can also modify the existing JSON content types patterns.
At the command prompt, type the following commands:
The following example adds the pattern .*/json to the JSON Content Types list and designates it as a regular expression.
add appfw JSONContentType ".*/json" -isRegex REGEX