Issue challenge for admin user in JWT claim based on attack score
This example configures additional protection for requests with a JSON Web Token (JWT) with a user claim of admin
, based on the request's attack score.
Create a custom rule that issues a Managed Challenge if the user claim in a JWT is admin
and the attack score is below 40.
- Expression:
(lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "user") eq "admin" and cf.waf.score < 40)
- Action: Managed Challenge
In this example, <TOKEN_CONFIGURATION_ID>
is your token configuration ID found in JWT Validation and user
is the JWT claim.