How to define a replay filter to check the document for replay attacks.
About this task
This filter uses a directory to cache a selected value from submitted documents. When this value is part of any subsequent request, that request is rejected.
A replay filter uses the store:///replay-filter.xsl stylesheet.
Procedure
- Drag the Filter icon to the configuration path.
- Double-click the Filter icon.
- In the Input field, specify the context of the message to process.
- Click the Advanced tab.
- From the Filter method list, select Replay filter.
- Set the Asynchronous property to indicate whether to process asynchronously. When enabled, the action does not need to complete before the rule starts processing its next action.
- From the Replay filter type list, select the filter type.
  - WS-Security password digest nonce
  - WS-Addressing message ID
  - Custom XPath
- In the Replay duration field, specify the duration to use the extracted value.
- For a custom XPath filter, in the Custom XPath expression field, specify the XPath expression. Click XPath tool for assistance in constructing the expression.
- Optional: Select Enable GatewayScript debug from the actions list to debug a GatewayScript program. The program can be called from a gatewayscript element or a gatewayscript() function in the stylesheet that you specify in the Transform file field.
- In the Output field, specify the context of the message after processing.
- Click Done.
What to do next
If this action is the last one for the rule, click Apply policy. Otherwise, drag another icon to the configuration path.
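The following Python sketch is an added example, not the replay-filter.xsl stylesheet or any product code: it models the behavior this task configures (extract a value, cache it for the replay duration, reject a request that repeats it). The class and function names, the in-memory cache, the expiry of cached values after the replay duration, and the rejection of documents that lack the value are assumptions of the sketch.

```python
import time
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
# Two of the filter types from the procedure, mapped to the value each extracts.
# A custom XPath filter would supply its own expression instead.
FILTER_XPATHS = {
    "wssec-nonce": ".//wsse:UsernameToken/wsse:Nonce",
    "wsa-message-id": ".//wsa:MessageID",
}

class ReplayFilter:
    """Hypothetical model: remember each extracted value for duration_s seconds."""
    def __init__(self, xpath, duration_s, clock=time.monotonic):
        self.xpath, self.duration_s, self.clock = xpath, duration_s, clock
        self.seen = {}  # extracted value -> time at which it is forgotten

    def accept(self, document):
        now = self.clock()
        # Forget values whose replay duration has elapsed.
        self.seen = {v: exp for v, exp in self.seen.items() if exp > now}
        # ElementTree is enough for constructed input; use a hardened parser
        # for untrusted XML.
        node = ET.fromstring(document).find(self.xpath, NS)
        value = (node.text or "").strip() if node is not None else ""
        if not value:
            return False  # assumption of this sketch: no value means reject
        if value in self.seen:
            return False  # value was cached by an earlier request: replay
        self.seen[value] = now + self.duration_s
        return True

def soap(message_id):
    """Constructed sample request carrying a WS-Addressing message ID."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:wsa="http://www.w3.org/2005/08/addressing"><s:Header>'
            f'<wsa:MessageID>{message_id}</wsa:MessageID>'
            '</s:Header><s:Body/></s:Envelope>')

def demo():
    t = [0.0]  # controllable clock so the replay duration can be stepped over
    f = ReplayFilter(FILTER_XPATHS["wsa-message-id"], 60, clock=lambda: t[0])
    results = [f.accept(soap("urn:uuid:constructed-1")),   # first use
               f.accept(soap("urn:uuid:constructed-1")),   # replay inside window
               f.accept(soap("urn:uuid:constructed-2"))]   # different value
    t[0] = 61.0
    results.append(f.accept(soap("urn:uuid:constructed-1")))  # after the window
    return results

if __name__ == "__main__":
    print(demo())
```

The last call in `demo()` shows why the replay duration matters: in this model a captured message is accepted again once its value has left the cache, so the duration should be at least as long as the period during which the message would otherwise still be considered valid.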