A JSON key profile is used to validate keys present in JSON requests. Multiple key profiles can be configured with different JSON key validation settings, and associated with the JSON profile.
For example, consider a JSON request with the following parameters:
The JSON keys:
- “First-name”, “Last-name” and “Email” can have string values
- “Age” can have a numeric value
- “Comments” can have different metacharacters including the script tag.
In the example above, the “Age” and “Comments” keys have different value types (“Number” and “Any” respectively), for which JSON key profiles can be defined and associated with the JSON profile. A key in the JSON request can include different types of values, such as String, Number, Array, Object, or Any. If you want to validate the values of a specific key, you can define rules for the key using Add Key Profile on the WEBSITES > JSON Security page, and associate it with the JSON profile.
You can associate a key value class with a key profile to define the security policies for that particular key profile. For example, if the key value class “string” is selected, the Barracuda Web Application Firewall ensures that the respective key is checked for denied metacharacters, SQL, XSS, OS injection attacks, etc. If the key value class “login” is selected, the Barracuda Web Application Firewall validates that only alphanumeric values are sent and checks the respective key values for SQL injection attacks.
If a service does not have a JSON Key Profile associated, but the JSON Profile configuration has the “Validate Key” configuration set to “Yes”, then keys seen in the JSON request are validated against the attack types selected in the JSON Profile. However, individual key values will not be validated for attacks.
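The per-key checks described above can be modelled as follows. This is an added illustration, not Barracuda's implementation: the deny list, the profile dictionary layout and the function names are assumptions, and the request is constructed from the key names used on this page.

```python
import json
import re

# Value Type names as listed on the page, mapped to Python JSON types.
VALUE_TYPES = {"String": str, "Number": (int, float), "Array": list, "Object": dict}

# Assumption: stand-in checks for the two key value classes named on the page.
DENIED_METACHARS = re.compile(r"[<>'\";]")  # constructed deny list
ALPHANUMERIC = re.compile(r"[A-Za-z0-9]+")

def check_value(profile, value):
    """Return the list of violations for one key's value."""
    vtype = profile["value_type"]
    if vtype != "Any":
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, VALUE_TYPES[vtype]):
            return [f"expected {vtype}"]
    vclass = profile.get("value_class")
    if isinstance(value, str):
        if vclass == "string" and DENIED_METACHARS.search(value):
            return ["denied metacharacter"]
        if vclass == "login" and not ALPHANUMERIC.fullmatch(value):
            return ["non-alphanumeric login value"]
    return []

def validate_request(body, key_profiles):
    """Map each top-level key that has a key profile to its violations."""
    doc = json.loads(body)  # assumes the request body is a JSON object
    results = {}
    for key, value in doc.items():
        profile = key_profiles.get(key)
        if profile is None:
            continue  # no key profile: this model performs no value checks
        results[key] = check_value(profile, value)
    return results

# Constructed key profiles and request body.
KEY_PROFILES = {
    "First-name": {"value_type": "String", "value_class": "string"},
    "Age": {"value_type": "Number"},
    "Comments": {"value_type": "Any"},
}
SAMPLE = json.dumps({"First-name": "Ann<b>", "Last-name": "Lee",
                     "Age": "30", "Comments": "<script>x</script>"})

if __name__ == "__main__":
    for key, violations in validate_request(SAMPLE, KEY_PROFILES).items():
        print(key, violations or "ok")
```

Sending requests like the constructed one through a test service is a quick way to confirm that each configured key profile rejects the wrong value type and that keys without a profile pass through without value checks.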
Steps to Add a JSON Key Profile:
- Go to the WEBSITES > JSON Security page.
- In the JSON Security section, click Add Key Profile next to the JSON profile.
- In the Add JSON Key Profile window:
  - Status: Set to On.
  - Key: Specify the key that needs to be validated in the JSON request.
  - Value Type: Select the type of value (String, Array, Number, Object, or Any) associated with the specified key.
  - Specify values for other parameters as required.
- Click Save.