Identified by type="MessageFlow", this rule enforces replay detection and freshness requirements to prevent replay attacks, along with optional message correlation enforcement.

Attributes

| Name | Type | Default | Description |
|---|---|---|---|
| checkCorrelation 3.1 | boolean | false | Enables request/response correlation checking based on use of a cookie to track request IDs, subsequently recovered to compare to the InResponseTo attribute in a response |
| blockUnsolicited 3.1 | boolean | false | Enables the checkCorrelation option and adds rejection of any message with an empty InResponseTo attribute |
| checkReplay | boolean | true | Enables or disables use of a replay cache to prevent replay attacks. Do not turn off in production. |
| expires | time in seconds | 180 | Maximum time permitted between a message's timestamp and when it can be processed. Bounds the size of the replay cache. |

Example

<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
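The following conceptual model is an added example, not Shibboleth's implementation. It shows how the four attributes interact and why expires bounds the replay cache: once a message is too old to pass the freshness check, its ID no longer needs to be remembered. The class, method, and result strings are hypothetical, the sample IDs and timestamps are constructed, clock-skew allowance is omitted, and accepting an empty InResponseTo under checkCorrelation alone is this model's reading of the table above.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class MessageFlowModel:
    """Hypothetical model of the MessageFlow checks (not the SP's code)."""
    check_replay: bool = True
    expires: int = 180                 # seconds, as in the attribute table
    check_correlation: bool = False
    block_unsolicited: bool = False
    # message ID -> last instant at which that message is still fresh
    seen: Dict[str, float] = field(default_factory=dict)

    def evaluate(self, msg_id: str, issued_at: float, now: float,
                 in_response_to: Optional[str] = None,
                 tracked_request_id: Optional[str] = None) -> str:
        # Freshness: reject anything older than the expires window.
        if now - issued_at > self.expires:
            return "reject: stale"

        if self.check_replay:
            # Entries past their freshness deadline can be dropped safely:
            # a replay of them would already fail the check above.
            self.seen = {m: t for m, t in self.seen.items() if t >= now}
            if msg_id in self.seen:
                return "reject: replay"
            self.seen[msg_id] = issued_at + self.expires

        # blockUnsolicited implies checkCorrelation.
        if self.check_correlation or self.block_unsolicited:
            if not in_response_to:
                if self.block_unsolicited:
                    return "reject: unsolicited"
            elif in_response_to != tracked_request_id:
                # tracked_request_id stands for the ID recovered from the cookie.
                return "reject: correlation mismatch"
        return "accept"


if __name__ == "__main__":
    # Constructed sample traffic: (ID, issue time, processing time, InResponseTo, tracked ID)
    rule = MessageFlowModel(expires=60, block_unsolicited=True)
    for args in [("_a1", 1000, 1010, "_req1", "_req1"),
                 ("_a1", 1000, 1020, "_req1", "_req1"),
                 ("_a1", 1000, 1061, "_req1", "_req1"),
                 ("_c3", 1100, 1106, None, "_req2")]:
        print(args[0], rule.evaluate(*args))
```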