How to: Allow Parameter Meta-Characters¶
In this example we configure allowed meta-characters in parameter name and value.
{
"policy": {
"name": "parameters_allowed_metachars",
"template": {
"name": "POLICY_TEMPLATE_RATING_BASED"
},
"applicationLanguage": "utf-8",
"enforcementMode": "blocking",
"blocking-settings": {
"violations": [
{
"name": "VIOL_PARAMETER_MULTIPART_NULL_VALUE",
"alarm": true,
"block": true
},
{
"name": "VIOL_PARAMETER_NAME_METACHAR",
"alarm": true,
"block": true
},
{
"name": "VIOL_PARAMETER_VALUE_METACHAR",
"alarm": true,
"block": true
}
]
},
"parameters": [
{
"checkMetachars": true,
"sensitiveParameter": false,
"parameterLocation": "any",
"valueType": "auto-detect",
"nameMetacharOverrides": [
{
"isAllowed": true,
"metachar": "0x3c"
},
{
"isAllowed": true,
"metachar": "0x3e"
}
],
"metacharsOnParameterValueCheck": true,
"allowEmptyValue": true,
"checkMaxValueLength": false,
"valueMetacharOverrides": [
{
"isAllowed": true,
"metachar": "0x3c"
},
{
"isAllowed": true,
"metachar": "0x3e"
}
],
"name": "*",
"level": "global",
"allowRepeatedParameterName": true,
"attackSignaturesCheck": true,
"signatureOverrides": [],
"type": "wildcard"
}
]
}
}