I have a use case where I want to log request body if json threat protection policy fails. How to identify that JSON threat protection policy is failing? Is there some flag or system variable which tells about failure of specific policy?
Hi @ukansara,
Please take a look at the documentation we have on Fault Handling: it explains how to create a special flow called a in your proxy that executes when a policy throws an error. You can configure the FaultRule flow to conditionally execute any other policy, such as a RaiseFault policy, that returns a custom error message. The condition for executing that policy could be an error status or other output from the policy that failed. There's a good discussion with a complete example on the community in this thread.
Will
Hi @ukansara
By default, Edge throws an HTTP 500 Internal Server Error status code and an ExecutionFailed error if a message doesn't make it past a JSON or XML Threat Protection policy.
However you can change that error behavior with a new organization-level property. When setting org property features.isPolicyHttpStatusEnabled to true, the following behavior occurs:
- Request: With a threat protection policy attached to any request flow, invalid messages return a 400 status code, along with a corresponding policy error message.
- Response: With a threat protection policy attached to any response flow, invalid messages still return a 500 status code, and one of the corresponding policy error messages is thrown (rather than just ExecutionFailed).
Check out the "Error Codes" section under JSON/XML or Regex protection policy docs. They have examples on handling faults. Hope this helps!
hi @sudheendra1,
Thanks for your response.
So in my case I have multiple policies in proxy end point including JSON threat protection. Now I also have default fault rule which executes javascript policy for logging to splunk. Now I want to log request body only in case of JSON threat protection policy failure and not other policy failures in this javascript policy. How should I do that?
hi @wwitman
Thanks for your response.
In my case I have multiple policies in proxy end point including JSON threat protection policy. Moreover I also have default fault rule which executes javascript policy for logging to splunk. Now I want to log request body only in case of JSON threat protection policy failure and not other policy failures in this javascript policy. How should I do that?
You should be able to use a conditional test in the form:
<policy-variable-namespace>.<policy-name>.failed = "true", for example
verifyapikey.check-api-key.failed = "true"
where "check-api-key" is the name given to that policy. Check the particular policy for the variable namespace. Quota and SpikeArrest, for instance, are in "ratelimit".
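
Added example (not part of any post in this thread, and not Apigee's own code): one way the fault-rule JavaScript could attach the request body to the log record only when the JSON Threat Protection policy is the one that failed, using the `<namespace>.<policy-name>.failed` test described above. It assumes the `jsonattack` variable prefix for JSONThreatProtection, a policy named `JTP-Request`, and that `request.content` still holds the rejected request; the helper names, the size cap and the stand-in `context` object are hypothetical.

```javascript
// Added example. Assumed names: policy "JTP-Request", prefix "jsonattack",
// helpers policyFailed / buildFaultLogRecord / fakeContext.
var JTP_POLICY = "JTP-Request";   // assumption: name of your JSONThreatProtection policy
var MAX_BODY_CHARS = 2048;        // assumption: cap so a hostile payload cannot flood the log

// True when the named policy set its <prefix>.<policy-name>.failed flag.
// The flag may surface as a boolean or a string, so compare its string form.
function policyFailed(ctx, prefix, policyName) {
  var v = ctx.getVariable(prefix + "." + policyName + ".failed");
  return v !== null && v !== undefined && String(v).toLowerCase() === "true";
}

// Build the record the fault-rule JavaScript hands to the logger.
// The request body is attached only when JSON threat protection rejected it.
function buildFaultLogRecord(ctx) {
  var record = {
    faultName: ctx.getVariable("fault.name"),
    jsonThreatFailed: policyFailed(ctx, "jsonattack", JTP_POLICY)
  };
  if (record.jsonThreatFailed) {
    var body = String(ctx.getVariable("request.content") || "");
    record.bodyTruncated = body.length > MAX_BODY_CHARS;
    record.requestBody = body.slice(0, MAX_BODY_CHARS);
  }
  return record;
}

// Constructed stand-in for Apigee's `context` object so the example runs offline.
function fakeContext(vars) {
  return { getVariable: function (name) { return name in vars ? vars[name] : null; } };
}

// Inside the proxy the JavaScript policy would call buildFaultLogRecord(context).
var sample = buildFaultLogRecord(fakeContext({
  "fault.name": "ExecutionFailed",
  "jsonattack.JTP-Request.failed": true,
  "request.content": "{\"a\":{\"b\":{\"c\":{}}}}"   // constructed sample body
}));
console.log(JSON.stringify(sample));
```

The truncated body is untrusted input that already failed validation, so the logging side should treat it as opaque text and escape it before rendering.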