XXE Policy Configuration

XXE detection can be enabled in the App Firewall policy.

  1. Navigate to Policies and click on the App Firewall tab.
  2. Scroll down to the section titled "XML External Entity (XXE)". Check the box labeled "Enabled".
  3. Users who want to catch all possible malicious XML payloads should check the box next to the default "tc-xxe-1" pattern, under "Regular Expressions (Pattern ID)". Advanced users may want to add and enable their own regular expressions.
  4. Click "Deploy" on the banner at the bottom of the screen.

FAQ: Can I enable XXE with no regular expressions?

Users must enable at least one XXE regular expression to see XXE events in tCell.