File: detect-outbound-policy.xml

package info (click to toggle)
libowasp-esapi-java 2.4.0.0-2.1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 12,000 kB
  • sloc: java: 35,401; xml: 1,630; sh: 373; makefile: 2
file content (27 lines) | stat: -rw-r--r-- 636 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
<?xml version="1.0" encoding="UTF-8"?>

	<!--
	This test file exemplifies a detect-content rule.

	Protection #1: The rule should fire whenever the string "2008" appears in
	               a response body.
	Exception #1:  The rule should -not- fire when the content type is anything
	               but text/*.

	-->

<policy>

	<settings>
		<mode>redirect</mode>
		<error-handling>
			<default-redirect-page>/security/error.jsp</default-redirect-page>
			<block-status>403</block-status>
		</error-handling>
	</settings>

	<outbound-rules>
		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
	</outbound-rules>
	
</policy>