Set response body and resource constraints
Set limits to responses for your API. Response body and resource constraints are set per method, but are enabled per API definition. Any values in the responses outside the limits you set trigger the firewall action specified in your security policy.
To set constraints:
- From API definitions, go to API resources.
- Add a new resource.
- Select and expand the methods you want to limit for the response.
- Expand a method and Add a response parameter.
- Response header: Select the Type of the header. The type is the header's format,
Integer
,String
,Number
, orBoolean
.- Select whether the presence of response header is required in the API call.
- Optionally a Range (
Integer
andNumber
), or a string length. - Optionally add a description.
- Response body: Limit how large the response body can be before tripping the firewall action. The default is
6k
. ChooseNo limit
to allow response bodies larger than6k
without tripping the firewall action. - Select the response body type. You can choose to allow
Any
,JSON
,XML
, orNone
. If you chooseNone
, no max body sizes are enforced.
- Response header: Select the Type of the header. The type is the header's format,
- Click Save.
Note
The settings for Undefined parameters apply to any response body parameters you do not explicitly define.
Updated about 1 year ago