This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
XML Denial-of-Service check
The XML Denial of Service (XML DoS or XDoS) check examines incoming XML requests to determine whether they match the characteristics of a denial-of-service (DoS) attack, and blocks those requests that do. The purpose of the XML DoS check is to prevent an attacker from using XML requests to launch a denial-of-service attack on your web server or web site.
If you use the wizard or the GUI, in the Modify XML Denial-of-Service Check dialog box, on the General tab you can enable or disable the Block, Log, Statistics, and Learn actions:
If you use the command-line interface, you can enter the following command to configure the XML Denial-of-Service check:
set appfw profile <name> -xmlDoSAction [**block**] [**log**] [**learn**] [**stats**] [**none**]
To configure individual XML Denial-of-Service rules, you must use the GUI. On the Checks tab of the Modify XML Denial-of-Service Check dialog box, select a rule and click Open to open the Modify XML Denial-of-Service dialog box for that rule. The individual dialog boxes differ for the different rules but are extremely simple. Some only allow you to enable or disable the rule; others allow you to modify a number by typing a new value in a text box.
Note:
The expected behavior of Learning engine for denial-of-service attack is based on the configured action. If the action is set as “Block”, the engine learns the configured bind value +1 and the XML parsing stops when there is a violation. If the configured action is not set as “Block”, the engine learns the actual incoming violation length value.
The individual XML Denial-of-Service rules are:
-
Maximum Element Depth
Restrict the maximum number of nested levels in each individual element to 256. If this rule is enabled, and the Web App Firewall detects an XML request with an element that has more than the maximum number of allowed levels, it blocks the request. You can modify the maximum number of levels to any value from one (1) to 65,535.
-
Maximum Element Name Length
Restrict the maximum length of each element name to 128 characters. This includes the name within the expanded namespace, which includes the XML path and element name in the following format:
{http://prefix.example.com/path/}target_page.xml <!--NeedCopy-->
The user can modify the maximum name length to any value between one (1) character and 65,535.
-
Maximum # Elements
Restrict the maximum number of any one type of element per XML document to 65,535. You can modify the maximum number of elements to any value between one (1) and 65,535.
-
Maximum # Element Children
Restrict the maximum number of children (including other elements, character information, and comments) each individual element is allowed to have to 65,535. You can modify the maximum number of element children to any value between one (1) and 65,535.
-
Maximum # Attributes
Restrict the maximum number of attributes each individual element is allowed to have to 256. You can modify the maximum number of attributes to any value between one (1) and 256.
-
Maximum Attribute Name Length
Restrict the maximum length of each attribute name to 128 characters. You can modify the maximum attribute name length to any value between one (1) and 2,048.
-
Maximum Attribute Value Length
Restrict the maximum length of each attribute value to 2048 characters. You can modify the maximum attribute name length to any value between one (1) and 2,048.
-
Maximum Character Data Length
Restrict the maximum character data length for each element to 65,535. You can modify the length to any value between one (1) and 65,535.
-
Maximum File Size
Restrict the size of each file to 20 MB. You can modify the maximum file size to any value.
-
Minimum File Size
Require that each file be at least 9 bytes in length. You can modify the minimum file size to any positive integer representing a number of bytes.
-
Maximum # Entity Expansions
Limit the number of entity expansions allowed to the specified number. Default: 1024.
-
Maximum Entity Expansion Depth
Restrict the maximum number of nested entity expansions to no more than the specified number. Default: 32.
-
Maximum # Namespaces
Limit the number of namespace declarations in an XML document to no more than the specified number. Default: 16.
-
Maximum Namespace URI Length
Limit the URL length of each namespace declaration to no more than the specified number of characters. Default: 256.
-
Block Processing Instructions
Block any special processing instructions included in the request. This rule has no user-modifiable values.
-
Block DTD
Block any document type definitions (DTD) included with the request. This rule has no user-modifiable values.
-
Block External Entities
Block all references to external entities in the request. This rule has no user-modifiable values.
-
SOAP Array Check
Enable or disable the following SOAP array checks:
- Maximum SOAP Array Size. The maximum total size of all SOAP arrays in an XML request before the connection is blocked. You can modify this value. Default: 20000000.
- Maximum SOAP Array Rank. The maximum rank or dimensions of any single SOAP array in an XML request before the connection is blocked. You can modify this value. Default: 16.
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.