Forum Discussion
Julie
Altostratus
I've made sure that the JSON profile is first in line, but looking more closely at this, I'm seeing that the problematic POST requests are coming in as
Content-Type: text/plain
with
Accept: application/json, text/javascript, */*; q=0.01
I'm assuming this explains why it's not parsing properly? Or should it be recognizing the content as JSON automatically?
Simon_Blakely
Aug 24, 2020 Employee
You can just apply a JSON profile to a URL, if all the posts to that URL are going to be JSON (without using Header-Based profile selection).
Once the data is being interpreted correctly, the violations should be restricted to the specific parameters that hold text. You can then exclude those parameters from specific Attack signatures without disabling them from the entire policy.