Threat protection policies prevent malicious attacks on applications that typically involve large, recursive payloads, and SQL injections. You can limit the size of things, such as maximum message size, maximum number of requests, maximum node depth and text node length, in the XML document.

The threat protection policies apply to an API globally for all requests coming into API Gateway. These policies are executed only for requests coming to the external port of API Gateway. You can configure the global threat protection rules to filter requests that API Gateway receives. You can also configure API Gateway to send an alert when a request violates a rule. When a rule is configured to send an alert and a violation occurs, API Gateway logs the details and generates an alert. The alert message contains detailed information that includes the IP address from which the request was sent, user information, and the name of the rule filter that matched.

API Gateway applies rules in the order in which they are displayed on the Global policies screen. Because a violation of a denial rule causes API Gateway to stop processing a request, it is important to prioritize the rules based on the order in which you want them to be evaluated. The server processes denial rules before alert rules.

You must have the API Gateway's manage threat protection functional privilege assigned to perform this task.

In addition, the API Gateway administrator can configure the necessary mobile devices and applications, configure alert options, and manage the IPs that are denied access.