We are trying to solve one security defect at the TYK API gateway level, i.e.
if we request the API using Postman
we are still getting the response for the records. Do we have any security configuration at the TYK gateway level so that we can blacklist
I did it with this definition:
$ curl --globoff -X GET "http://tyk-gateway.localhost:8080/httpcodes/anything/Location=xyz"
"customErrorTemplate": "This is a custom error response template for HTTP 403 responses using JSON",
"error": "Requested endpoint is forbidden"
Correct API is like this. If I want to block
<script>alert(1)</script>, then how should I do it in TYK community edition?
Sorry, missed your message. Hope you managed, but in general, it’s the same.
You can check it in this doc
match_pattern: This is the actual capture group to generate. This is a pure regex, in this case we are capturing two-word groups.
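Added example, not part of the thread or of Tyk's own code: because match_pattern is a plain regex, a candidate deny pattern can be checked offline before it goes into the API definition. This sketch assumes Go's regexp engine (Tyk is written in Go); the pattern, the function names and the sample paths are all constructed for illustration, and it also checks percent-encoded forms of the path, which goes slightly beyond the literal case asked about.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// denyPattern is a hypothetical candidate for match_pattern: a case-insensitive
// match on an opening <script tag. It is an assumption, not taken from the thread.
var denyPattern = regexp.MustCompile(`(?i)<\s*script\b`)

// decodeFully percent-decodes s repeatedly (bounded to 3 rounds) so that
// double-encoded input such as %253Cscript is normalised before matching.
func decodeFully(s string) string {
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(s)
		if err != nil || d == s {
			break // invalid escape or nothing left to decode
		}
		s = d
	}
	return s
}

// wouldBlock reports whether the raw path and its decoded form match the pattern.
func wouldBlock(rawPath string) (raw, decoded bool) {
	return denyPattern.MatchString(rawPath), denyPattern.MatchString(decodeFully(rawPath))
}

func main() {
	// Constructed sample paths, modelled on the request shape in the thread.
	samples := []string{
		"/httpcodes/anything/Location=xyz",
		"/httpcodes/anything/Location=<script>alert(1)</script>",
		"/httpcodes/anything/Location=%3CScRiPt%3Ealert(1)%3C/script%3E",
		"/httpcodes/anything/Location=%253Cscript%253E",
		"/httpcodes/anything/description",
	}
	for _, p := range samples {
		raw, dec := wouldBlock(p)
		fmt.Printf("raw=%-5t decoded=%-5t %s\n", raw, dec, p)
	}
}
```

A path that matches only in the decoded column is caught only if the gateway decodes the path before applying the pattern, which should be confirmed against the deployed Tyk version.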