Closed jcmellado closed 3 years ago
@jcmellado - It's more of a best practice and also to improve your security. You don't want attackers to send requests with huge payloads. This can impact your backends and services. These content protection policies help your backend. Hence we added those policies to warn when the proxy takes a request body.
Thanks for reaching out and asking this. However, I would recommend that you use the Apigee community to ask such questions. You will get more perspectives and responses from other users, as it's meant for such discussions.
Thanks @ssvaidyanathan
But I'm not asking about the "JSON Threat Protection", "XML Threat Protection", ... policies, I'm asking about the "PO001", "PO002", ... rules.
Sorry, I didn't use the correct term. I will edit the question.
Got it. Those rules are just there for best practice. Since these policies are usually executed on the request content or the response content, you need to execute this only if there is one; else it's better to just skip it.
This is not really an issue, just a question about rules PO001, PO002, PO003, PO004 and PO005. All of them have the following description: "A check for a body element must be performed before policy execution."
Why is it necessary to check if the body element is present? Is it about optimization, or just best practices that we ignore?
How should the condition be written? Like the one used for testing?
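
An added example, not part of the thread and not apigeelint's own code: a small check that flags JSON/XML Threat Protection steps attached to a flow without a condition that references the message body. The policy names, the name-to-type map, the sample endpoint and the regex for what counts as a body check are all assumptions made for illustration; it only looks at step-level conditions, not at a condition on the enclosing flow.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: policy name -> policy type, as it would be read from
# the bundle's policy files. All names here are hypothetical.
POLICY_TYPES = {
    "JTP-Limits": "JSONThreatProtection",
    "XTP-Limits": "XMLThreatProtection",
    "VerifyKey": "VerifyAPIKey",
}
BODY_POLICIES = {"JSONThreatProtection", "XMLThreatProtection"}

# Assumption: a condition counts as a body check if it references the
# content of the request, response or message.
BODY_CHECK = re.compile(r"\b(request|response|message)\.content\b")

# Constructed ProxyEndpoint fragment: one unguarded and one guarded step.
SAMPLE_ENDPOINT = """
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>VerifyKey</Name></Step>
      <Step><Name>JTP-Limits</Name></Step>
      <Step>
        <Name>XTP-Limits</Name>
        <Condition>request.content != null</Condition>
      </Step>
    </Request>
  </PreFlow>
</ProxyEndpoint>
"""

def unguarded_steps(endpoint_xml, policy_types=POLICY_TYPES):
    """Return names of body-parsing policies attached without a body check."""
    findings = []
    for step in ET.fromstring(endpoint_xml).iter("Step"):
        name = (step.findtext("Name") or "").strip()
        if policy_types.get(name) not in BODY_POLICIES:
            continue  # policy does not parse the body; nothing to check
        condition = step.findtext("Condition") or ""
        if not BODY_CHECK.search(condition):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in unguarded_steps(SAMPLE_ENDPOINT):
        print(f"{name}: no body check before policy execution")
```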