Injection Protection

Enterprise only

XPath abbreviated injection (v3.9+)

Detects deliberately malformed input that is sent to a website in order to construct an XPath query against XML data, specifically input written in XPath abbreviated syntax. The plugin uses the following regex for matching: (/(@?[\w_?\w:\*]+(\[[^]]+\])*)?)+
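Added example, not part of Kong's documentation or plugin code: it runs the pattern quoted above over constructed request lines to show which substrings it matches, so false positives can be gauged before the plugin sits in front of real traffic. Python's re module stands in for the plugin's regex engine, and matches(), triage() and XPATH_TOKENS are hypothetical helpers; how the plugin itself applies the pattern (anchoring, URL decoding) is not stated on this page.

```python
import re

# Pattern quoted on this page for the xpath_abbreviated injection type.
XPATH_ABBREVIATED = re.compile(r"(/(@?[\w_?\w:\*]+(\[[^]]+\])*)?)+")

# Assumption, not plugin behaviour: tokens that distinguish abbreviated XPath
# from an ordinary URL path (attribute step, predicate, //, wildcard step).
XPATH_TOKENS = re.compile(r"/@|\[[^]]+\]|//|/\*")


def matches(value):
    """Return every non-overlapping substring the page's pattern matches."""
    return [m.group(0) for m in XPATH_ABBREVIATED.finditer(value)]


def triage(value):
    """Classify one path_and_query string.

    'no-match'   : the pattern matches nowhere
    'path-only'  : the pattern matches, but only plain path segments
    'xpath-like' : a matched substring carries XPath-specific tokens
    """
    hits = matches(value)
    if not hits:
        return "no-match"
    if any(XPATH_TOKENS.search(hit) for hit in hits):
        return "xpath-like"
    return "path-only"


# Constructed sample inputs, not taken from real traffic.
SAMPLES = [
    "/api/v1/users?id=42",
    "/catalog/book[@id='1']/title",
    "/search?q=//user/@name",
    "id=42",
]


def report(samples=SAMPLES):
    """Map each sample to its (verdict, matched substrings) pair."""
    return {s: (triage(s), matches(s)) for s in samples}


if __name__ == "__main__":
    for sample, (verdict, hits) in report().items():
        print(f"{verdict:10} {sample!r} -> {hits}")
```

On these samples the ordinary API path is classified path-only: the pattern matches it even though it contains no XPath syntax.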

Set up the plugin

Add this section to your declarative configuration file:

_format_version: "3.0"
plugins:
  - name: injection-protection
    config:
      injection_types:
      - xpath_abbreviated
      locations:
      - path_and_query
      enforcement_mode: block
      error_status_code: 400
      error_message: Bad Request