Deny rules establish a negative security model, also known as black lists. Deny rules are processed as the first filtering stage after decryption and decoding and can be configured on this global deny rule page.
- The global Deny Rules page is split into two sections:
- In Section – Default Deny Rule Groups, Airlock Gateway provides a predefined set of default deny rule groups to protect against common attack scenarios. For instance, specific deny rule groups deal with SQL injection or Cross-site scripting (XSS) attacks. Default deny rules are labeled with a (default) name prefix and are managed by Airlock Gateway updates and cannot be changed by the user.
- In Section – Custom Deny Rule Groups, Airlock Gateway provides the opportunity to create and configure custom deny rules and to group them. Each custom rule can be configured in on the Custom Deny Rules detail page.
The global deny rules can be configured on the Tab – Deny Rules for each Mapping detail page.
JSON attribute filtering
Airlock Gateway automatically generates parameters from JSON objects. These JSON parameters are treated like parameters in GET or POST requests. For details, refer to the JSON parsing and filtering page.