Layer7 API Management

  • Private Community

  • 1.  Restrict Non ISO 8859-1 Chars

    Posted Aug 01, 2017 03:39 AM

    Hello,

     

    There is a situation , I have to restrict non ISO 8859-1 or Non Windows 1252 characters in API gateway.

    Do we have any assertions to meet this requirement.

     

    Thanks in advance.

     

    Regards,
    Suneel



  • 2.  Re: Restrict Non ISO 8859-1 Chars

    Broadcom Employee
    Posted Aug 02, 2017 03:41 PM

    That's interesting. Normally API calls are by definition UTF-8, so I'm curious about your ISO8859 requirement. 

     

    If you want to just reject these message, if the message content type is set correctly, and you force a parse of the message, the forced parse will fail if the characters are outside the charset. 

     

    There are several ways to force a message parse: Schema validation is the strongest for XML type messages. For JSON type messages, you can do json schema as well. For raw text, it might be a bit harder. I think a couple of set context variable assertions, coercing the message into having an ISO8859-1 or -15 content-type would work. 



  • 3.  Re: Restrict Non ISO 8859-1 Chars

    Posted Aug 03, 2017 11:13 PM

    Hello Jay,

     

    Yes by default API gateway converting all special characters into utf-8 encoding format. 

    Initially I have introduced regex to stop non ISO 8859-1 char set and it stopped few of the ISO 8859 characters too. due to may be not applied exact regex value.

    Developed service is REST service it does not have any schema so I can't apply schema validation assertion.

    hence looking for the proper solution how it can be handled in this situation.

     

    Regards,

    Suneel



  • 4.  Re: Restrict Non ISO 8859-1 Chars
    Best Answer

    Broadcom Employee
    Posted Aug 04, 2017 12:11 PM

    Converting is the wrong word. Every inbound message is required to have a content-type and charset as per the HTTP spec. If the client software sends "UTF-8", then we treat the message as UTF-8. If the client software says the message is ISO8859-1, then we will do that too. 

     

    But it sounds like your back end system doesn't support UTF-8, but the client software is claiming UTF-8.

     

    What you need to do is create a back end request message in ISO8859-1 charset. Create a context variable of type 'message' called 'back-end' or something like that. Set the content type to ISO8859-1. use '${request.mainpart}' as the message body. This will force a conversion to ISO8859. Use that new back end message in the routing assertion. 



  • 5.  Re: Restrict Non ISO 8859-1 Chars

    Posted Aug 09, 2017 03:20 PM

    Hi Jay,

     

    Thank you your reply.

    In API gateway service, we want to stop the service execution if any non windows 1252 or ISO 8859-1 characters are existed.

     

    Regards,

    Suneel



  • 6.  Re: Restrict Non ISO 8859-1 Chars

    Broadcom Employee
    Posted Aug 11, 2017 07:03 PM

    The forced conversion to ISO8859 will fail, and policy execution will stop if there are characters that will not convert into ISO8859.

     

    To set Charset I mean set the content type on a message variable to "Content-Type: text/xml; charset=iso8859-1"

     

    It's still not generally the way I'd recommend writing an API - I'd be more inclined to support UTF-8. However, I assume that part of the system is not in your control.