[Idea]: Add description about VIOL_ACCESS_UNAUTHORIZED on JWT protection docs #1497

@0jsong

Description

What is your idea for improving documentation?

Hello, I've been testing F5 WAF for NGINX's JWT protection feature recently, and found out that VIOL_ACCESS_UNAUTHORIZED should be set under blocking-settings to validate JWT claims via authorizationRules.

If VIOL_ACCESS_UNAUTHORIZED is not configured, it appears that the policy only validates the JWT itself and does not validate the values of the claims defined in authorizationRules, allowing the request to pass.

I think a description of VIOL_ACCESS_UNAUTHORIZED should be added under these sections of https://docs.nginx.com/waf/policies/jwt-protection:

  • Authorization rules in URLs
  • Attack signatures
  • JSON web token violations

Which product or products does this idea relate to?

F5 WAF for NGINX

Does this idea relate to other issues?

No response

Are there alternative ideas for improving the same topic?

No response

Any additional information

The following is a portion of the security log when VIOL_ACCESS_UNAUTHORIZED is set to block.

{
  "violations": [
    {
      "enforcementState": {
        "isBlocked": true,
        "isAlarmed": true,
        "isLearned": false,
        "attackType": [
          {
            "name": "Authentication/Authorization Attacks"
          }
        ]
      },
      "violation": {
        "name": "VIOL_ACCESS_UNAUTHORIZED"
      },
      "policyEntity": {
        "urls": [
          {
            "name": "/api/premium",
            "authorizationRules": [
              {
                "name": "subscription"
              }
            ]
          }
        ]
      },
      "observedEntity": {
        "claims": {
          "sub": "temp",
          "name": "John Doe",
          "role": "unknown",
          "iat": 1516239022,
          "exp": 1900000000
        }
      }
    }
  ]
}
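As an added example (not code from the issue author or from F5), the following script does the two checks a practitioner would want after reading the report above: it lints a policy for URLs whose authorizationRules will not be enforced because VIOL_ACCESS_UNAUTHORIZED is missing from blocking-settings (or the policy is transparent), produces a corrected copy, and flattens a security-log record of the shape shown above into one row per URL. The policy field names (the "policy" wrapper, "enforcementMode", "blocking-settings" with "violations" entries carrying name/alarm/block, "urls" with "authorizationRules") are assumed from the published policy layout; the condition body of an authorization rule is deliberately omitted because its syntax is not shown on this page, and both the policy fragment and the log record are constructed sample data.

```python
"""Policy and security-log checks for the JWT authorizationRules behaviour
described in the issue. Constructed example; field names are assumptions
based on the published F5 WAF for NGINX policy layout, and the rule body
(condition) is omitted because its syntax is not shown in the issue."""
import copy
import json

UNAUTHORIZED = "VIOL_ACCESS_UNAUTHORIZED"

# Constructed policy fragment: /api/premium carries an authorizationRule, but
# blocking-settings never mention VIOL_ACCESS_UNAUTHORIZED. Per the issue, the
# token itself is still validated while the claim rule is not enforced.
WEAK_POLICY = {
    "policy": {
        "name": "jwt_policy_weak",
        "enforcementMode": "blocking",
        "blocking-settings": {
            "violations": [
                {"name": "VIOL_ACCESS_INVALID", "alarm": True, "block": True},
                {"name": "VIOL_ACCESS_MISSING", "alarm": True, "block": True},
            ]
        },
        "urls": [
            {"name": "/api/premium", "authorizationRules": [{"name": "subscription"}]},
            {"name": "/api/public"},
        ],
    }
}


def blocking_violations(policy: dict) -> set:
    """Names of violations listed in blocking-settings with block=true."""
    settings = policy.get("policy", {}).get("blocking-settings", {})
    return {v["name"] for v in settings.get("violations", []) if v.get("block") is True}


def unenforced_auth_rule_urls(policy: dict) -> list:
    """URLs whose authorizationRules would not block a request.

    That is the case when VIOL_ACCESS_UNAUTHORIZED is absent or not set to
    block, or when the whole policy is transparent (alarm only), which
    overrides per-violation block flags.
    """
    body = policy.get("policy", {})
    enforced = (body.get("enforcementMode", "blocking") == "blocking"
                and UNAUTHORIZED in blocking_violations(policy))
    if enforced:
        return []
    return [u["name"] for u in body.get("urls", []) if u.get("authorizationRules")]


def with_unauthorized_blocked(policy: dict) -> dict:
    """Copy of the policy with VIOL_ACCESS_UNAUTHORIZED set to alarm and block."""
    fixed = copy.deepcopy(policy)
    body = fixed.setdefault("policy", {})
    body["enforcementMode"] = "blocking"
    violations = body.setdefault("blocking-settings", {}).setdefault("violations", [])
    for v in violations:
        if v.get("name") == UNAUTHORIZED:
            v["alarm"], v["block"] = True, True
            break
    else:
        violations.append({"name": UNAUTHORIZED, "alarm": True, "block": True})
    return fixed


# Constructed copy of the security-log excerpt quoted in the issue.
SAMPLE_LOG = json.loads("""
{"violations": [{"enforcementState": {"isBlocked": true, "isAlarmed": true, "isLearned": false,
     "attackType": [{"name": "Authentication/Authorization Attacks"}]},
   "violation": {"name": "VIOL_ACCESS_UNAUTHORIZED"},
   "policyEntity": {"urls": [{"name": "/api/premium", "authorizationRules": [{"name": "subscription"}]}]},
   "observedEntity": {"claims": {"sub": "temp", "name": "John Doe", "role": "unknown",
                                 "iat": 1516239022, "exp": 1900000000}}}]}
""")


def summarize_violations(record: dict) -> list:
    """Flatten one log record into rows: which violation, on which URL, which rules, which claims."""
    rows = []
    for v in record.get("violations", []):
        state = v.get("enforcementState", {})
        for url in v.get("policyEntity", {}).get("urls", [{}]):
            rows.append({
                "violation": v.get("violation", {}).get("name"),
                "blocked": bool(state.get("isBlocked")),
                "url": url.get("name"),
                "rules": [r.get("name") for r in url.get("authorizationRules", [])],
                "claims": v.get("observedEntity", {}).get("claims", {}),
            })
    return rows


if __name__ == "__main__":
    print("unenforced before fix:", unenforced_auth_rule_urls(WEAK_POLICY))
    print("unenforced after fix:", unenforced_auth_rule_urls(with_unauthorized_blocked(WEAK_POLICY)))
    for row in summarize_violations(SAMPLE_LOG):
        print(row["violation"], row["url"], row["rules"], "role =", row["claims"].get("role"))
```

Run it against a real policy by replacing WEAK_POLICY with `json.load(open("policy.json"))`; the linter only reads the fields named above, so it is safe on policies that carry more sections. The transparent-mode check is there because setting block=true on the violation is not enough on its own: in transparent mode the request in the log above would have been alarmed, not blocked.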

Labels

  • P3 - Normal (TTR: 1 month): Request to address missing, unclear, or inaccurate content. Doesn't block tasks or cause complaints.
  • product/waf: Issues related to F5 WAF for NGINX