Skip to content

Issue challenge for admin user in JWT claim based on attack score

This example configures additional protection for requests with a JSON Web Token (JWT) with a user claim of admin, based on the request's attack score.

Create a custom rule that issues a Managed Challenge if the user claim in a JWT is admin and the attack score is below 40.

  • Expression: (lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "user") eq "admin" and cf.waf.score < 40)
  • Action: Managed Challenge

In this example, <TOKEN_CONFIGURATION_ID> is your token configuration ID found in JWT Validation and user is the JWT claim.