Forum Discussion

Karim's avatar
Karim
Icon for Cirrostratus rankCirrostratus
Apr 03, 2018

ASM JSON/XML payload detection & Automatically detect advanced protocols

Hello team,

I have a question regarding the learning suggestions,

I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it then a learning suggestion rises saying "you have to associate an XML for this URL"

In this article : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html

The Policy Builder builds the security policy as follows:
Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload
detection)
...etc

we can read explicitly that it is possible IF we enable the "JSON/XML payload detection" then the answer to my question is "Yes" . The problem is that I can't find this "JSON/XML payload detection" option in the GUI.

Could you please help on this ?

Many thanks,

Karim

application delivery
ASM Advanced WAF
detect advanced protocols
JSON
payload detection
security
xml
  • Erik_Novak's avatar
    Erik_Novak
    Icon for Employee rankEmployee
    Apr 03, 2018
    Yes. You must use a Content Profile and assign it to a URL (or the URL wildcard). ASM attempts to classify the POST payload type automatically. Classification is based on the Content-Type header, and can be one of the following payload types:  

    •   text/xml
    •   application/xml
    •   text/x-json
    •   application/json

    In v13.1, ASM will classify these profiles automatically, and you will see a learning suggestion to add the profile based on what ASM sees in the payload. In the GUI, check the Properties of the URL, then click the Header-Based Content Profiles tab at the bottom of the section.
  • Erik_Novak's avatar
    Erik_Novak
    Icon for Employee rankEmployee
    Apr 04, 2018

    Unfortunately the suggestion to add a Content Profile does not exist in v12.1 and you must do it manually. But it does exist in v13 and you will see a suggestion based on what ASM detects in the POST payload.

     

  • Erik_Novak's avatar
    Erik_Novak
    Icon for Employee rankEmployee
    Apr 17, 2018

    Hi Karim, I think the issue is in the wording of the text. Prior to v13, you would have to create a JSON profile (for a URL) manually and add it to the policy. That's what is meant by "if the policy includes JSON/XML payload detection." In 13.1 we can auto-detect based on header information. There is no learning and blocking setting for "detect JSON/XML payload" which is sort of what that earlier language implies.