Meanwhile I found a solution that works for me: My script, thats creates the declarative waf policy, parses now the OpenAPI file and adds the necessary json content profile declarations to the final policy file. The OpenAPI import through the declaration executes the other steps: creates and adds the json schmema to the already created json content profile.
I think this is a better solution than making some API requests after policy import to change this values.
The profiles are automatically created through the import of the OpenAPI files and the Defense Attributes of this JSON Content Profiles are always set to the values from the screenshot. My question is how I can set this defaults without knowing the name of the JSON Content Profiles beforehand. The names are dynamically created from the OpenAPI definition. I use a declaration to create the Policy.
I tried to change the Defense Attributes of the default json content profile and I hopped the created json content profiles inherits there defense attribute settings from this profile, but this is not the case. I found also no other place to define this defaults.
Juergen_Mang, can you give me a sanitized version of a sample policy with the openAPI files and point out where the defaults are in them? I'm not super familiar with that, but I might be able to work the script side out for you so they can be run on import manually, or if possible, automatically. Won't know until I have some sample data to work with. Let me know!
Changing this afterwards through API is certainly possible, but it would be better If we can change it inside a declarative WAF policy. I tried it with the modifcation section, but it does not worked. It seems the modifications section does not support the entityTyoe "json-profiles", but I have not found any documentation on this. My next try is to integrate this in my main policy file.
Can you have look at the "RFE ID 1186661 - defense attributes for JSON profiles in policy created from OpenAPI file should have value "any" by default". I think this not the best solution to solve this issue. An even better solution would be: Add a posibility to let the user change this values and not to hardcode only other values.