In the XML or JSON threat protection policies, there does not appear to be any way to structure the configured limit by file size in bytes. All size-related parameterized limits are in units of characters or elements or things of this nature. Is there any sensical way to translate the available metrics into a size in bytes or is there any elegant way to achieve this kind of limitation? Thanks!
Here is the default policy code for the XML and JSON threat protection policies:
<JSONThreatProtection async="false" continueOnError="false" enabled="true" name="JSON-Threat-Protection-1">
<DisplayName>JSON Threat Protection 1</DisplayName>
<ArrayElementCount>20</ArrayElementCount>
<ContainerDepth>10</ContainerDepth>
<ObjectEntryCount>15</ObjectEntryCount>
<ObjectEntryNameLength>50</ObjectEntryNameLength>
<Source>request</Source>
<StringValueLength>500</StringValueLength>
</JSONThreatProtection>
<XMLThreatProtection async="false" continueOnError="false" enabled="true" name="XML-Threat-Protection-1">
<DisplayName>XML Threat Protection 1</DisplayName>
<NameLimits>
<Element>10</Element>
<Attribute>10</Attribute>
<NamespacePrefix>10</NamespacePrefix>
<ProcessingInstructionTarget>10</ProcessingInstructionTarget>
</NameLimits>
<Source>request</Source>
<StructureLimits>
<NodeDepth>5</NodeDepth>
<AttributeCountPerElement>2</AttributeCountPerElement>
<NamespaceCountPerElement>3</NamespaceCountPerElement>
<ChildCount includeComment="true" includeElement="true" includeProcessingInstruction="true" includeText="true">3</ChildCount>
</StructureLimits>
<ValueLimits>
<Text>15</Text>
<Attribute>10</Attribute>
<NamespaceURI>10</NamespaceURI>
<Comment>10</Comment>
<ProcessingInstructionData>10</ProcessingInstructionData>
</ValueLimits>
</XMLThreatProtection>
And here is a link to the Apigee Docs pages for the these policies: http://apigee.com/docs/api-services/content/content-threat-protection
Best, Chris