JSON Threat Protection: Allow non-JSON requests - Plugin

Allow non-JSON requestsv3.14+

Configure the JSON Threat Protection plugin with allow_non_json_requests set to true. This setting allows non-JSON requests to bypass any configured rules, while still blocking requests that contain invalid JSON.

Set up the plugin

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: json-threat-protection
    config:
      max_body_size: 1024
      max_container_depth: 2
      max_object_entry_count: 4
      max_object_entry_name_length: 7
      max_array_element_count: 2
      max_string_value_length: 6
      enforcement_mode: block
      error_message: Incorrect request format
      allow_duplicate_object_entry_name: false
      allow_non_json_requests: true

Make the following request:

curl -i -X POST http://localhost:8001/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "json-threat-protection",
      "config": {
        "max_body_size": 1024,
        "max_container_depth": 2,
        "max_object_entry_count": 4,
        "max_object_entry_name_length": 7,
        "max_array_element_count": 2,
        "max_string_value_length": 6,
        "enforcement_mode": "block",
        "error_message": "Incorrect request format",
        "allow_duplicate_object_entry_name": false,
        "allow_non_json_requests": true
      },
      "tags": []
    }
    '

Copied!

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "json-threat-protection",
      "config": {
        "max_body_size": 1024,
        "max_container_depth": 2,
        "max_object_entry_count": 4,
        "max_object_entry_name_length": 7,
        "max_array_element_count": 2,
        "max_string_value_length": 6,
        "enforcement_mode": "block",
        "error_message": "Incorrect request format",
        "allow_duplicate_object_entry_name": false,
        "allow_non_json_requests": true
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
controlPlaneId: The id of the control plane.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
  name: json-threat-protection
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
  labels:
    global: 'true'
config:
  max_body_size: 1024
  max_container_depth: 2
  max_object_entry_count: 4
  max_object_entry_name_length: 7
  max_array_element_count: 2
  max_string_value_length: 6
  enforcement_mode: block
  error_message: Incorrect request format
  allow_duplicate_object_entry_name: false
  allow_non_json_requests: true
plugin: json-threat-protection
" | kubectl apply -f -

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_json_threat_protection" "my_json_threat_protection" {
  enabled = true

  config = {
    max_body_size = 1024
    max_container_depth = 2
    max_object_entry_count = 4
    max_object_entry_name_length = 7
    max_array_element_count = 2
    max_string_value_length = 6
    enforcement_mode = "block"
    error_message = "Incorrect request format"
    allow_duplicate_object_entry_name = false
    allow_non_json_requests = true
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}

Copied!

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: json-threat-protection
    service: serviceName|Id
    config:
      max_body_size: 1024
      max_container_depth: 2
      max_object_entry_count: 4
      max_object_entry_name_length: 7
      max_array_element_count: 2
      max_string_value_length: 6
      enforcement_mode: block
      error_message: Incorrect request format
      allow_duplicate_object_entry_name: false
      allow_non_json_requests: true

Make sure to replace the following placeholders with your own values:

serviceName|Id: The id or name of the service the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "json-threat-protection",
      "config": {
        "max_body_size": 1024,
        "max_container_depth": 2,
        "max_object_entry_count": 4,
        "max_object_entry_name_length": 7,
        "max_array_element_count": 2,
        "max_string_value_length": 6,
        "enforcement_mode": "block",
        "error_message": "Incorrect request format",
        "allow_duplicate_object_entry_name": false,
        "allow_non_json_requests": true
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

serviceName|Id: The id or name of the service the plugin configuration will target.

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "json-threat-protection",
      "config": {
        "max_body_size": 1024,
        "max_container_depth": 2,
        "max_object_entry_count": 4,
        "max_object_entry_name_length": 7,
        "max_array_element_count": 2,
        "max_string_value_length": 6,
        "enforcement_mode": "block",
        "error_message": "Incorrect request format",
        "allow_duplicate_object_entry_name": false,
        "allow_non_json_requests": true
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
controlPlaneId: The id of the control plane.
serviceId: The id of the service the plugin configuration will target.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: json-threat-protection
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
config:
  max_body_size: 1024
  max_container_depth: 2
  max_object_entry_count: 4
  max_object_entry_name_length: 7
  max_array_element_count: 2
  max_string_value_length: 6
  enforcement_mode: block
  error_message: Incorrect request format
  allow_duplicate_object_entry_name: false
  allow_non_json_requests: true
plugin: json-threat-protection
" | kubectl apply -f -

Copied!

Next, apply the KongPlugin resource by annotating the service resource:

kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=json-threat-protection

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_json_threat_protection" "my_json_threat_protection" {
  enabled = true

  config = {
    max_body_size = 1024
    max_container_depth = 2
    max_object_entry_count = 4
    max_object_entry_name_length = 7
    max_array_element_count = 2
    max_string_value_length = 6
    enforcement_mode = "block"
    error_message = "Incorrect request format"
    allow_duplicate_object_entry_name = false
    allow_non_json_requests = true
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  service = {
    id = konnect_gateway_service.my_service.id
  }
}

Copied!

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: json-threat-protection
    route: routeName|Id
    config:
      max_body_size: 1024
      max_container_depth: 2
      max_object_entry_count: 4
      max_object_entry_name_length: 7
      max_array_element_count: 2
      max_string_value_length: 6
      enforcement_mode: block
      error_message: Incorrect request format
      allow_duplicate_object_entry_name: false
      allow_non_json_requests: true

Make sure to replace the following placeholders with your own values:

routeName|Id: The id or name of the route the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "json-threat-protection",
      "config": {
        "max_body_size": 1024,
        "max_container_depth": 2,
        "max_object_entry_count": 4,
        "max_object_entry_name_length": 7,
        "max_array_element_count": 2,
        "max_string_value_length": 6,
        "enforcement_mode": "block",
        "error_message": "Incorrect request format",
        "allow_duplicate_object_entry_name": false,
        "allow_non_json_requests": true
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

routeName|Id: The id or name of the route the plugin configuration will target.

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "json-threat-protection",
      "config": {
        "max_body_size": 1024,
        "max_container_depth": 2,
        "max_object_entry_count": 4,
        "max_object_entry_name_length": 7,
        "max_array_element_count": 2,
        "max_string_value_length": 6,
        "enforcement_mode": "block",
        "error_message": "Incorrect request format",
        "allow_duplicate_object_entry_name": false,
        "allow_non_json_requests": true
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
controlPlaneId: The id of the control plane.
routeId: The id of the route the plugin configuration will target.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: json-threat-protection
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
config:
  max_body_size: 1024
  max_container_depth: 2
  max_object_entry_count: 4
  max_object_entry_name_length: 7
  max_array_element_count: 2
  max_string_value_length: 6
  enforcement_mode: block
  error_message: Incorrect request format
  allow_duplicate_object_entry_name: false
  allow_non_json_requests: true
plugin: json-threat-protection
" | kubectl apply -f -

Copied!

Next, apply the KongPlugin resource by annotating the httproute or ingress resource:

kubectl annotate -n kong httproute  konghq.com/plugins=json-threat-protection

Copied!

kubectl annotate -n kong ingress  konghq.com/plugins=json-threat-protection

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_json_threat_protection" "my_json_threat_protection" {
  enabled = true

  config = {
    max_body_size = 1024
    max_container_depth = 2
    max_object_entry_count = 4
    max_object_entry_name_length = 7
    max_array_element_count = 2
    max_string_value_length = 6
    enforcement_mode = "block"
    error_message = "Incorrect request format"
    allow_duplicate_object_entry_name = false
    allow_non_json_requests = true
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  route = {
    id = konnect_gateway_route.my_route.id
  }
}

Copied!

JSON Threat Protection

Allow non-JSON requestsv3.14+

Set up the plugin

Help us make these docs great!

Still need help?