Layer7 API Management

  • 1.  nonce in jwt

    Posted Sep 21, 2018 07:41 AM

    Hi There,

To prevent message replay attacks I am trying the following option. Essentially, I receive a message from the client at the gateway, which contains a nonce. Taking that nonce, I am checking something like the below, but I'm not sure what it is doing. Could you please elaborate on what the method below is performing in this case? I have seen the doc but couldn't understand it well.



  • 2.  Re: nonce in jwt

    Broadcom Employee
    Posted Sep 21, 2018 08:54 AM

    Hello,


If you are trying to prevent replay on the nonce value, you can do something like this. Please let me know if there are specific questions you have about the usage and I'll be happy to address them, thank you.


    Regards,

    Joe



  • 3.  Re: nonce in jwt

    Posted Sep 21, 2018 09:36 AM

I am trying to understand what it does. When we store the identifier and set the expiry to 1 hr, what does that mean, please? Could you please brief it?



  • 4.  Re: nonce in jwt

    Broadcom Employee
    Posted Sep 21, 2018 10:12 AM

    It will prevent a duplicate value from being accepted within the specified time frame.

So let's say you send the nonce value 12345 to the service and the expiry is set to 1 hour.

If you send a 2nd request containing the nonce value 12345 within that hour, it will be rejected, preventing the replay attack. The assumption is that it may have been compromised.


    Regards,

    Joe



  • 5.  Re: nonce in jwt

    Broadcom Employee
    Posted Oct 01, 2018 07:24 AM

    Hi

Did the answers on this thread answer your question? If they did, please mark it as the right answer.
If your question is not answered or you still have additional questions, please let us know.

    With Kind Regards
    Dirk



  • 6.  Re: nonce in jwt

    Posted Dec 11, 2018 07:26 AM

When a nonce is sent via JWT we check that it is not repeated for 1 hr, but this is not across clusters; it works only within a cluster, and we have 2 clusters. How do we deal with this? Would storing the nonce in a DB help?
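The mechanism Joe describes in reply 4 (a nonce is remembered for the expiry window and a second request carrying the same value inside that window is rejected) and the two-cluster problem raised in reply 6 can both be shown with a small replay guard. The following is an added illustration, not Gateway policy or code from the thread: the store interface, the `ReplayGuard` class and the in-memory sqlite3 database standing in for a shared database are all assumptions made for the example. The same check is run twice, once per cluster against separate per-cluster stores (the nonce slips through the second cluster) and once against one shared store (the replay is rejected everywhere).

```python
import sqlite3
import time
from typing import Callable, Dict, List, Protocol, Tuple


class NonceStore(Protocol):
    """Records a nonce unless it is already present and unexpired.
    Returns True if the nonce was new (request accepted), False if it
    was already seen inside its retention window (replay rejected)."""

    def add_if_absent(self, nonce: str, now: float, expires_at: float) -> bool: ...


class InMemoryNonceStore:
    """Per-process store: this is what a single cluster sees and why a
    second cluster with its own copy cannot detect the replay."""

    def __init__(self) -> None:
        self._seen: Dict[str, float] = {}

    def add_if_absent(self, nonce: str, now: float, expires_at: float) -> bool:
        # Forget nonces whose retention window has passed.
        for key in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[key]
        if nonce in self._seen:
            return False
        self._seen[nonce] = expires_at
        return True


class SqlNonceStore:
    """Store backed by a SQL table with the nonce as primary key, so every
    gateway pointed at the same database sees the same nonces.  An in-memory
    sqlite3 database stands in for a shared database here (assumption)."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS nonces "
            "(nonce TEXT PRIMARY KEY, expires_at REAL NOT NULL)"
        )
        conn.commit()

    def add_if_absent(self, nonce: str, now: float, expires_at: float) -> bool:
        cur = self.conn.cursor()
        cur.execute("DELETE FROM nonces WHERE expires_at <= ?", (now,))
        # The primary key makes the insert the atomic check: two gateways
        # racing on the same nonce cannot both get rowcount == 1.
        cur.execute(
            "INSERT OR IGNORE INTO nonces (nonce, expires_at) VALUES (?, ?)",
            (nonce, expires_at),
        )
        self.conn.commit()
        return cur.rowcount == 1


class ReplayGuard:
    """Accepts a nonce at most once per retention window (default 1 hour)."""

    def __init__(self, store: NonceStore, window_seconds: float = 3600,
                 clock: Callable[[], float] = time.time) -> None:
        self.store = store
        self.window_seconds = window_seconds
        self.clock = clock

    def accept(self, nonce: str) -> bool:
        now = self.clock()
        return self.store.add_if_absent(nonce, now, now + self.window_seconds)


def fresh_sql_store() -> SqlNonceStore:
    return SqlNonceStore(sqlite3.connect(":memory:"))


def simulate(store: NonceStore) -> List[bool]:
    """Replays the scenario from the thread with a controllable clock."""
    t = [0.0]
    guard = ReplayGuard(store, window_seconds=3600, clock=lambda: t[0])
    results = [guard.accept("12345")]   # first use of 12345: accepted
    t[0] = 600.0
    results.append(guard.accept("12345"))  # same nonce 10 min later: rejected
    results.append(guard.accept("67890"))  # a different nonce: accepted
    t[0] = 3601.0
    results.append(guard.accept("12345"))  # retention expired: accepted again
    return results


def two_clusters(shared: bool) -> Tuple[bool, bool]:
    """Sends nonce 12345 to cluster A, then replays it to cluster B."""
    if shared:
        store = fresh_sql_store()
        a, b = ReplayGuard(store), ReplayGuard(store)
    else:
        a, b = ReplayGuard(InMemoryNonceStore()), ReplayGuard(InMemoryNonceStore())
    return a.accept("12345"), b.accept("12345")


if __name__ == "__main__":
    print("single cluster:", simulate(InMemoryNonceStore()))
    print("two clusters, separate stores:", two_clusters(shared=False))
    print("two clusters, shared store:", two_clusters(shared=True))
```

The retention window has to be at least as long as the token's own acceptance window (its `exp` claim plus any clock skew you tolerate), otherwise a replay after the nonce is forgotten but before the JWT expires would be accepted; and the insert into the shared store is only a useful check if it is atomic, which is why the example relies on the primary key rather than a separate lookup followed by an insert.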