KarimBenyelloul
Apr 03, 2018

ASM JSON/XML payload detection & Automatically detect advanced protocols

Hello team,

I have a question regarding the learning suggestions.

I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it, a learning suggestion is raised saying "you have to associate an XML for this URL"?

In this article: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html

The Policy Builder builds the security policy as follows:
Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload detection)
...etc

We can read explicitly that it is possible IF we enable the "JSON/XML payload detection"; then the answer to my question is "Yes". The problem is that I can't find this "JSON/XML payload detection" option in the GUI.

Could you please help with this?

Many thanks,

Karim

3 Replies

  • Yes. You must use a Content Profile and assign it to a URL (or the URL wildcard). ASM attempts to classify the POST payload type automatically. Classification is based on the Content-Type header, and can be one of the following payload types:

        • text/xml
        • application/xml
        • text/x-json
        • application/json

    In v13.1, ASM will classify these profiles automatically, and you will see a learning suggestion to add the profile based on what ASM sees in the payload. In the GUI, check the Properties of the URL, then click the Header-Based Content Profiles tab at the bottom of the section.
    
  • Unfortunately the suggestion to add a Content Profile does not exist in v12.1 and you must do it manually. But it does exist in v13 and you will see a suggestion based on what ASM detects in the POST payload.

     

  • Hi Karim, I think the issue is in the wording of the text. Prior to v13, you would have to create a JSON profile (for a URL) manually and add it to the policy. That's what is meant by "if the policy includes JSON/XML payload detection." In 13.1 we can auto-detect based on header information. There is no learning and blocking setting for "detect JSON/XML payload" which is sort of what that earlier language implies.
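
For v12.1, where the replies above say the content profile has to be added manually, the following added example (not part of the thread and not F5 code) tallies which URLs receive POST bodies with one of the four Content-Type values listed in the first reply, so you know where a JSON or XML profile is needed. The log record format and sample lines are constructed assumptions; adapt the parsing to your own request logs.

```python
from collections import defaultdict

# The four Content-Type values listed in the first reply, mapped to the
# kind of content profile an administrator would assign by hand.
PROFILE_FOR_TYPE = {
    "text/xml": "XML",
    "application/xml": "XML",
    "text/x-json": "JSON",
    "application/json": "JSON",
}

# Constructed sample records (hypothetical format): method, URL, Content-Type.
SAMPLE_LOG = """\
POST /api/orders application/json; charset=utf-8
POST /api/orders Application/JSON
POST /soap/billing text/xml; charset="utf-8"
POST /login application/x-www-form-urlencoded
POST /legacy/feed text/x-json
POST /legacy/feed application/xml
GET /index.html -
"""

def media_type(header_value):
    """Strip parameters such as charset and lower-case the media type."""
    return header_value.split(";", 1)[0].strip().lower()

def suggest_profiles(log_text):
    """Return {url: sorted list of profile kinds seen on POST requests}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0].upper() != "POST":
            continue  # the reply describes classification of POST payloads only
        _method, url, content_type = parts
        profile = PROFILE_FOR_TYPE.get(media_type(content_type))
        if profile:
            seen[url].add(profile)
    return {url: sorted(kinds) for url, kinds in seen.items()}

if __name__ == "__main__":
    for url, kinds in sorted(suggest_profiles(SAMPLE_LOG).items()):
        note = " (mixed types: review before assigning)" if len(kinds) > 1 else ""
        print(f"{url}: assign {'/'.join(kinds)} content profile{note}")
```

A URL reported with both kinds (here `/legacy/feed`) is worth inspecting before a profile is assigned, since the header alone does not tell you which clients are sending which format.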