Forum Discussion
Janek_42109
Nimbostratus
NimbostratusASM : WSDLs and Allowed URLs List
Hello,
I'm using ASM module to filter XML traffic with WSDL file.
I have an issue with serval security policy. When creating an XML profile, i import an WSDL file and automatically there is an URI added in the Allowed URLs List based on the soap address location of the WSDL. But now i have URIs which are not related to soap address location and now present in the WSDL file.
I would like to know how is the Allow URLs List is actually working because from what is see it's now only based to on soap address location. Does anyone has more information about this ?
Is there a way to disable the automatic import of the soap address location from the WSDL file to the allowed urls list ?
Thank you for your help.
The short answer to your question:
Is there a way to disable the automatic import of the soap address location from the WSDL file to the allowed urls list ?
is No.
When you create an XML profile with WSDL validation the system automatically associates a URL or parameter with the application based on the WSDL file. AS part of the XML profile security ASM enforces compliance against XML schema files or WSDL documents. Given that the URL is part of the WSDL the only way ASM can enforce compliance is through importing the URL and not allow modification.
Creating a Security Policy for Web Services:
