I have a Threat Protection policy which includes both SQL and XSS patterns. But when a threat is identified, the fault error returns my pattern in the error response. I would like to customize the error when a threat is detected. How can I achieve that? I have created a fault rule that checks the condition on the ProxyEndpoint flow, and added the Raise Fault after the Threat Protection policy. But the fault is not reachable.
<ProxyEndpoint name="default">
    <Description/>
    <FaultRules>
        <FaultRule name="Header-Fault-rule">
            <Condition>(fault.name = "ExecutionFailed")</Condition>
            <Step>
                <Name>Threat-Protection-Fault</Name>
            </Step>
        </FaultRule>
    </FaultRules>
    <PreFlow name="PreFlow">
        <Request>
            <Step>
                <Name>Thread Protection</Name>
            </Step>
            <Step>
                <Name>Threat-Protection-Fault</Name>
            </Step>
            . . .
Default Error by Threat Protection Policy:
{
  "fault": {
    "faultstring": "Regular Expression Threat Detected in Thread Protection: regex: [\\s]*((delete)|(exec)|(drop\\s*table)|(insert)|(shutdown)|(update)|(\\bor\\b)) input: delete",
    "detail": {
      "errorcode": "steps.regexprotection.ThreatDetected"
    }
  }
}
Have a look at this article on handling policy faults: http://docs.apigee.com/api-services/content/fault-handling#handlingpolicyfaultswithinthecurrentflow
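An added example, not part of the original posts and not Apigee's own sample: a FaultRule keyed on the `ThreatDetected` fault name (the last segment of the error code shown in the question), with an AssignMessage policy that replaces the default payload so the regex pattern and matched input are not returned to the caller. The names `Threat-Detected-Rule` and `AM-Threat-Detected`, the status code and the response body are assumptions; `Thread Protection` is the policy name from the question.

```xml
<!-- Added example. Fragment 1: ProxyEndpoint. -->
<ProxyEndpoint name="default">
  <FaultRules>
    <FaultRule name="Threat-Detected-Rule">
      <!-- fault.name is the last segment of the error code
           steps.regexprotection.ThreatDetected -->
      <Condition>(fault.name = "ThreatDetected")</Condition>
      <Step>
        <!-- hypothetical policy name, defined in fragment 2 -->
        <Name>AM-Threat-Detected</Name>
      </Step>
    </FaultRule>
  </FaultRules>
  <PreFlow name="PreFlow">
    <Request>
      <!-- When this policy fails, normal flow processing stops and the
           FaultRules above are evaluated, so a step placed after it in
           the PreFlow does not run on a detected threat. -->
      <Step>
        <Name>Thread Protection</Name>
      </Step>
    </Request>
    <Response/>
  </PreFlow>
  <!-- remaining flows, HTTPProxyConnection and RouteRule unchanged -->
</ProxyEndpoint>

<!-- Fragment 2: the AssignMessage policy (separate policy file).
     The body is deliberately generic: no pattern, no echoed input. -->
<AssignMessage name="AM-Threat-Detected">
  <Set>
    <!-- variablePrefix/variableSuffix keep the JSON braces from being
         read as message-template variables -->
    <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">
      {"error": "invalid_request", "message": "The request was rejected."}
    </Payload>
    <StatusCode>400</StatusCode>
    <ReasonPhrase>Bad Request</ReasonPhrase>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>
```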