When tuning an ASM Policy what would cause your JSON Profile to flag a payload as such: Violation Details: Malformed JSON data [1]JSON Buffer4.5600012001319145eDescriptionMalformed documentMalformed numeric valueContextActual URL/path/to/urlWildcard URL*path*JSON ProfileDefaultApplied Blocking SettingsBlock Alarm Learn Attack TypeJSON Parser Attack Payload:{ ... "dpps": 4.5600012001319145e+22, "ddpse": 222 ...]

Enable the relax_unicode_in_json internal parameter.relax_unicode_in_json: The default is 0.When the value is changed to 1, a bad unicode character does not produce a JSON malformed violation. A bad unicode character might be a legal unicode character that does not appear in the mapping of the system's JSON parser.

Forum Discussion

hguerrier

Nimbostratus

Apr 22, 2022

ASM Policy Blocking Scientific Notation in JSON Profile

When tuning an ASM Policy what would cause your JSON Profile to flag a payload as such:

Violation Details: Malformed JSON data [1]

JSON Buffer	4.5600012001319145e
Description	Malformed document Malformed numeric value
Context	Actual URL /path/to/url Wildcard URL path
JSON Profile	Default
Applied Blocking Settings	Block Alarm Learn

Attack Type

JSON Parser Attack

Payload:

{  
  ...
  "dpps": 4.5600012001319145e+22,
  "ddpse": 222
  ...
]

1 Reply

Gajji
Cirrostratus
May 01, 2022
Enable the relax_unicode_in_json internal parameter.
relax_unicode_in_json: The default is 0.
When the value is changed to 1, a bad unicode character does not produce a JSON malformed violation. A bad unicode character might be a legal unicode character that does not appear in the mapping of the system's JSON parser.