spalande
Aug 23, 2024
API WAF policy
- Does anyone have experience in successfully setting up an API security WAF policy using an OpenAPI Swagger file?
- Do we have to import JSON schema files separately along with the Swagger file, or is the JSON schema that AWAF created automatically after the import of the Swagger file good to go?
- Is anyone able to import more than 1 JSON schema file successfully under the same JSON profile?
Background:
We have imported the Swagger file provided by the app team, and AWAF has recognized all entities (URL, parameters) correctly. It has also created a custom JSON content profile and JSON schema file automatically. However, the requests were blocked with the default JSON schema file, with a violation of JSON not compliant with schema.
We then imported the JSON schema file provided by the app team and it worked as expected. But the API has 4 JSON schema files for different kinds of payloads and uses the same endpoint/URL. When we try to import more than 1 JSON schema file under 1 JSON profile, we get a validation failed error.
Has anyone faced a similar issue with an API WAF policy?