WAF Profile contains a mapping from HTTP Content-Type value to the WAF request body processor. A request body processor is a WAF component responsible for parsing a particular format of an HTTP request, like application/x-www-form-urlencoded, JSON or XML. This section discusses more information on WAF request body parsers for various content types and how WAF uses them.
Though WAF ships with default settings for popular content types, on some occasions there can be a need to configure a specific content type used by a particular application. For example, when you configure application/xml Content-Type to use request body processor XML, it indicates that the XML request body processor will be used when WAF processes an HTTP request with application/xmlContent-Type header. The XML request body processor parses the XML contents of the request and allows for the use of XML variables in Signature rules.
Content Type Mapping in WAF Profile supports enabling the string operations (equals and regular expressions) for matching the content type. Note that all equals matches are checked before the regular expression matches.
This feature is important if the application supports many different content types that can be expressed through a regular expression.
The following is a list of available request body parsers.
Request body parser |
Description |
---|---|
URL Encoded |
WAF request body parser for URL encoded data (application/x-www-form-urlencoded Content-Type). |
Multipart |
WAF request body parser for multipart form data (Content-Type multipart/form-data). |
JSON |
WAF request body parser for JSON data. |
XML |
WAF request body parser for XML data. |
As String |
WAF request body parser that does not attempt to interpret the body of incoming requests in any way and does not set ARGS WAF variables. REQUEST_BODY variable is set to the value of request body data. HTTP request is treated as a text and WAF attempts to scan for potential attack vectors in request data. However, it is advised to use a more specific request body parser if possible. |
Do Not Parse |
WAF request body parser that does not attempt to parse incoming requests and does not set any WAF variables, effectively turning off WAF protection for a given content type. Use |
When writing custom PRE or POST CRS (Core Rule Set) rules, you can use the ctl:requestBodyProcessor action to set the request body processor when the conditions specified in the rule are met. Setting the request body processor using ctl:requestBodyProcessor action takes precedence over the WAF Profile setting.