Before you can complete this task, you need to have already created a security
policy for your application.
This task describes how to create a JSON profile that defines the properties that
the security policy enforces for an application sending JSON payloads.
Note: The system supports JSON in UTF-8 and UTF-16 encoding.
On the Main tab, click
The Create New JSON Profile screen opens.
Type the name of the profile.
Adjust the maximum values that define the JSON data for the AJAX application,
or use the default values.
In the Attack Signatures tab, in the Global Security Policy
Settings list, select any attack signatures that you want to
apply to this profile, and then move them into the Overridden
Security Policy Settings list.
Tip: If no attack signatures are listed in the Global
Security Policy Settings list, create the profile, update
the attack signatures, then edit the profile.
Once you have moved any applicable attack signatures to the
Overridden Security Policy Settings list, enable or
disable eachthem as needed:
||Enforces the attack signature for this JSON profile, although the
signature might be disabled in general. The system reports the violation
Attack Signature Detected when the JSON in a request
matches the attack signature.
||Disables the attack signature for this JSON profile, although the
signature might be enabled in general.
To allow or disallow specific meta characters in JSON data (and thus override
the global meta character settings), click the Value Meta Characters tab.
- Select the Check characters check box, if it is
not already selected.
- Move any meta characters that you want allow or disallow from the
Global Security Policy Settings list into the
Overridden Security Policy Settings
- In the Overridden Security Policy Settings list,
change the meta character state to Allow or
To mask sensitive JSON data (replacing it with asterisks), click the Sensitive
Data Configuration tab.
- In the Element Name field, type the JSON element
whose values you want the system to consider sensitive.
- Click Add.
Important: If the JSON data causes violations and the system stops
parsing the data part way through a transaction, the system masks only the
sensitive data that was fully parsed.
Add any other elements that could contain sensitive data that you want to
The system creates the profile and displays it in the JSON Profiles
This creates a JSON profile which does not affect the security policy until you
associate the profile with a URL or parameter.
Next, you need to associate the JSON profile with any URLs or parameters that might
include JSON data.