- Newest
- Most votes
- Most comments
The request’s body inspection is designed to do regex match for the whole body or specific fields referenced by match scope, and for keys, values, or both. Usually, it is used to create rules that will inspect single elements of the JSON payload in a well-defined structure.
You can use a following regex to match the body content:
\{ "id": "[0-9]{10}", "name": "[a-Z]{3-20}", "array": \[\{ "countryCode": "[A-Z]{2}" \}, \{ "countryCode": "[A-Z]{2}" \} \] \}
This should give you an idea of how such check can be approached. In this case, one needs to be careful about key ordering and whitespaces when making the request:
- key ordering can be ensured on your (valid) client/application side
- whitespace management can be easily solved with WAF's Text Transformation: Compress whitespace (here you can access the list of all supported text transformations) that will replace characters such as Tab, Newline, Carriage return, and multiple spaces with one space.
This regex will also automatically guarantee that there are no other keys present in the request body.
Please also note that we offer request model validation as part of the API Gateway service, which is aiming more for API-level validation, instead of a firewall-level.
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 days ago
- AWS OFFICIALUpdated 6 months ago