CirrusIcontrol REST upload and apply policy- section "http-protocols" ignored?
I have templates defined for REST API security policies. Basic set up is done in JSON and remaining policy is build based on the swagger file. When I want add to JSON template for examples file types, json profiles, urls, brute force protection, parameters, ... it works well and changes are visible in GUI. But when I put to template section "http-protocols" it seems that is ignored. Security policy is uploaded, imported and applied with no errors but changes are not visible. Snippet of JSON is visible below.
"http-protocols" : [ { "description" : "Multiple host headers", "enabled" : true, "learn" : true }, { "description" : "Check maximum number of parameters", "enabled" : true, "learn" : true, "maxParams" : 100 }, { "description" : "Bad host header value", "enabled" : true, "learn" : true }, { "description" : "Check maximum number of headers", "enabled" : false, "learn" : true, "maxHeaders" : 30 }, { "description" : "Content length should be a positive number", "enabled" : true, "learn" : true } ]
For some item I want to change configuration. For example I want enable "Maximum numbers of parameters" and change value for number of parameters. But section "HTTP Protocol Compliance failed" under "Learning and Blocking Settings" is not changed.
Is it supported to modify "http-protocols" with icontrol (upload ->import->apply)?
Your settings for http-protocols are ignored because the json path is invalid. It must be a sub-key of blocking-settings.
{ "policy" : { "blocking-settings" : { "http-protocols" : [ { "description" : "Multiple host headers", "enabled" : true, "learn" : false } } } }
