search cancel

Issue encapsulating Response SQL threat protection

book

Article ID: 113740

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction



The client is using the SQL Threat Protection assertion for validating Response messages from the HTTP Routing assertion. The assertions are grouped into an included fragment to create a reusable building block. As long as this part is used as an included fragment it is working as expected and throws errors for messages with a possible security threat. However when this fragment is used to create an encapsulated assertion and used instead in the policy it never fails and all messages are incorrectly successful.

The same construction working on the request message is ok, as well as used as for a fragment as used as an encapsulated assertion.
Is this a bug or can we achieve somehow to have the encapsulated assertion work with SQL threat protection on the default response message?

Environment

Env: 9.3 CR02

Resolution

Solution:
In the threatProtectionOnResponse encapsulated assertion properties window, please check the checkbox 'Update routing statistics in parent policy'. 
This issue was resolved by changing the configuration of the Encapsulated Assertion.
You can refer to the attached .docx file for the exact configuration change.

 

Attachments

1558536813325SQLThreatProtectionFix.docx get_app