Configuration

configobject
Hide Child Parameters
custom_injectionsarray[object]

Custom regexes to check for.

Default:null

Hide Child Parameters
namestringrequired

A unique name for this injection.

regexstringrequired

The regex to match against.

enforcement_modestring

Enforcement mode of the security policy.

Allowed values:blocklog_only

Default:block

error_messagestring

The response message when validation fails

Default:Bad Request

error_status_codeinteger

The response status code when validation fails.

Default:400

>= 400<= 499

injection_typesarray[string]

The type of injections to check for.

Allowed values:java_exceptionjssqlssixpath_abbreviatedxpath_extended

Default:sql

locationsarray[string]

The locations to check for injection.

Allowed values:bodyheaderspath_and_query

Default:path_and_query

protocolsarray[string]

A set of strings representing HTTP protocols.

Allowed values:grpcgrpcshttphttps

Default:grpc, grpcs, http, https

routeobject

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

* Additional properties are NOT allowed.
Hide Child Parameters
idstring
serviceobject

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

* Additional properties are NOT allowed.
Hide Child Parameters
idstring

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!