ASM XML & JSON parameter learning in Response Body

Question

Hi All,&nbsp;
I'm doing a testing on ASM XML/JSON profile on our lab ASM. I have created XML and JSON profile and assigned to respective URL. Parameter I would like to learn are in response body, response body is in XML and JSON  (two different URL one for XML and JSON), But I dont see parameters are getting learned and populated under allowed parameter (request from trusted IP).&nbsp;
Someone could please help me on this:
- XML/JSON parameter learning is possible in response body?&nbsp;
Sample response body
r4w8173Blad3lyzae&nbsp;
I'm using http://testphp.vulnweb.com/ AJAX for XML testing&nbsp;
Thanks,&nbsp;
Sachin&nbsp;

tikka_nagi_1315 · Answer

Sachin,&nbsp;
The short answer to your question "XML/JSON parameter learning is possible in response body?" is Yes.&nbsp;
Have you had a chance to review documentation? Specifically,&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-5-0/6.html&nbsp;
SOL13735 - PB identification of JSON parameter type values - http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13735.html?sr=35044458&nbsp;
The manual has a section on JSON parameters - http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-1-0/asm_parameters.html1048180&nbsp;

sachin_80710 · Answer

Thanks Tikka.for your resonse,&nbsp;
1) https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-5-0/6.html this is mainly for web service having XML. In my case its JSON parameter in response, how web service policy will work here?&nbsp;
2) https://support.f5.com/kb/en-us/solutions/public/13000/700/sol13735.html?sr=35044458 I have used this option in past with 11.6 ver, but 12.0 ver don't have JSON/XML payload detection under security setting. No idea if this option has move to else where in ASM policy setting.&nbsp;
3)  Configuring JSON parameters : This i have tried but not working, also under this topic its written The system validates JSON data found in requests to this parameter based on the settings you configured in the JSON profile. my understanding from this statement is that policy can only learn JSON parameter from request but not from response body. correct me if i'm wrong&nbsp;
Thanks
Sachin&nbsp;

Forum Discussion

ASM XML & JSON parameter learning in Response Body

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Community Learning Path: Multi-Cloud Networking

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Introduction of Incident Response

F5 NGINX API Gateway: Simplify Response Manipulation

Community Learning Path: Web Application and API Protection (WAAP)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS