cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

JSON Parser Attack

Sriram_Shanmuga
Altostratus
Altostratus

Hi All,

 

I have enabled WAF policy in blocking mode and i could see the WAF is blocking. Client is using JSON scripts and its being blocked by WAF.

 

How to bypass the JSON parser attack .

 

Thanks

 

2 REPLIES 2

Sriram_Shanmuga
Altostratus
Altostratus

I have enabled WAF policy and apply to a Virtual server in Transparent mode. When the user execute JSON script in Postman tool, they are thrown a support id.

 

Is it an expected behavior from WAF ?

 

Regaards RAM

 

OM
Nimbostratus
Nimbostratus

enabling WAF may block requests if you don't custom your policy according to your needs.

if your json content has some special characters or any pattern that may match a signature, the request may get blocked.

you can look at the logs and see what is the reason of the blocking.