Set response body and resource constraints

Set limits to responses for your API. Response body and resource constraints are set per method, but are enabled per API definition. Any values in the responses outside the limits you set trigger the firewall action specified in your security policy.

To set constraints:

  1. From API definitions, go to API resources.
  2. Add a new resource.
  3. Select and expand the methods you want to limit for the response.
  4. Expand a method and Add a response parameter.
    1. Response header: Select the Type of the header. The type is the header's format, Integer, String, Number, or Boolean.
      1. Select whether the presence of response header is required in the API call.
      2. Optionally a Range (Integer and Number), or a string length.
      3. Optionally add a description.
    2. Response body: Limit how large the response body can be before tripping the firewall action. The default is 6k. Choose No limit to allow response bodies larger than 6k without tripping the firewall action.
    3. Select the response body type. You can choose to allow Any, JSON, XML, or None. If you choose None, no max body sizes are enforced.
  5. Click Save.



The settings for Undefined parameters apply to any response body parameters you do not explicitly define.