Forum Discussion

FoleyJH_30150's avatar
FoleyJH_30150
Icon for Nimbostratus rankNimbostratus
Jul 11, 2012

ASM flagging SOAP/XML message content as URL Parameters

I have an inbound POST to my web application that uses a SOAP/XML content format. This is the first time I have had to work with this. I used Policy Builder to generate the majority of the security policy. It has correctly identified the URL's and associated parameters. However, without policy builder enabled the POST fails with illegal parameter and flags the following as a parameter:

 

 

< div>

 

 

 

 

How do I indicate to the ASM that this is content and not parameters and values.

 

 

 

Thanks in advance.

 

 

 

 

 

/DIV>

 

  • Ido_Breger_3805's avatar
    Ido_Breger_3805
    Historic F5 Account
    Hi,

     

    You will need to configure an XML profile for that URL.

     

    Content profiles-XML profile- add XML profile.

     

    Then after you configure it, attach it to the URL (From the URL page -advanced - parsed as XML).

     

    Cheers,

     

    Ido
  • Just to add is that XML profile will need the XSD or WSDL schema to check the XML content. You can extract XSD from WSDL also. can see "Associating an XML profile with a URL" as an example in below link. There are association with parameter in the link as well

     

     

    http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_config_11_0_0/asm_xml_profile.html?sr=22670006

     

  • You don't actually need to import and specify a schema in the XML profile. For some implementations, it's enough to just parse the payload or parameter value as XML--not actually validate the schema.

     

     

    Aaron
  • Thanks for clarifying Aaron, just another layer of checks for me.

     

    Also for info, there is xml content based routing in ltm

     

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/3.html
  • Thanks to all for the information. I have not had an opportunity to revisit this until now. I will implement the suggestions and see if I get the desired results.
  • This is resolved. Thanks to all for the help. I did have to build a new security profile in order for this to work. The original profile was build using the Production Site Deployment Scenario and not the Web Services scenario.