Applies To:Show Versions
Common elements XML security
- On the Main tab, click.The XML Profiles screen opens.
- Select theUse XML Blocking Response Pagecheck box to send an XML response page when the security policy blocks a request that contains XML content that does not comply with this XML profile.
- In the Defense Configuration area, forDefense Level, selectHigh(the default value),Medium, orLowto specify the level of protection you want the security policy to provide for XML applications and services.The system adjusts the defense configuration settings according to your choice. You can review the settings by selectingAdvancednext to Defense Configuration.
- If you are on the Create New XML Profile screen, skip to step 2. If not, at the top of the screen, click theCreate new XML profilelink.You can also navigate toand clickCreate.The Create New XML Profile screen opens.
- ClickCreate.The Associate XML Profile screen opens.
- For theAssociate XML Profilesetting, specify whether to associate the XML profile with a URL or a parameter:OptionDescriptionURLValidates XML data found in requests to this URL.ParameterValidates XML data in a parameter. You also select theParameter Level:Globalspecifies that this is a global parameter that has no association with URLs.URLspecifies that this parameter is associated with a specific URL, a protocol (HTTP or HTTPS), and a target URL path.
- ClickNext.The New Allowed URL or Add Parameter screen opens, depending on which entity you choose to associate with the XML profile.
- Create the URL or parameter to associate with the XML profile. Your steps depend on which option you selected.OptionDescriptionURLType the explicit URL or wildcard URL that represents the web application, and clickNext.Global ParameterType the name of the parameter, and clickCreate.URL ParameterType the explicit URL or wildcard URL that represents the web application, and clickNext.Type the name of the parameter, and clickCreate.The system creates the URL or parameter and displays the list of entities.
- ClickUpload.The screen lists the uploaded file.
- If the imported file references another URL (and the setting is available), forImport URL, type the URL.
- Clear theFollow Schema Linkscheck box if you do not want the system to retrieve referenced links that are in the WSDL document. By default, this setting is enabled.
- To allow SOAP messages to have attachments, select theAllow Attachments in SOAP Messagescheck box.
- ClickCreate.In most cases, the system automatically associates a URL or parameter with the application based on the WSDL file.If the XML Profiles screen is displayed, you are done creating the profile. Otherwise, the Associate XML Profile screen opens, and you can continue with the next step.