IoF
May 12, 2022
Altostratus
ASM/WAF policy - Parameter value type was determined to be "XML value" but really it is "HTML"
Hi, hoping someone can help with this issue.
F5 WAF suggested that the parameter "text" should be "XML value". I agreed and I'm using the default XML content profile.
However the actual value looks like HTML code to me, which is not an option anywhere AFAIK. Mostly there are no issues, except for some special situations like this particular request that contains "(" and ")" characters in the value.
As a result I'm getting an error:
XML Buffer | ( |
Description | Malformed document Illegal data between tags |
Context | Parameter Location Form Data Parameter Level Global Parameter Name text Parameter Value *************** |
The request looks very similar to the one below:
POST /aaa/bbb HTTP/1.1
Host: aaa.bbb.org
Connection: keep-alive
Content-Length: 00000
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://aaa.bbb.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://aaa.bbb.org
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ************
X-Forwarded-For: 1.1.1.1
text=<b>aaa+aa.+11111+aa+aaaaaaa+111+1111+</b>(<a+href="https://www.ccc.org/ddd/111/ppp.pdf">aaaa11.222</a>+-+oooooooooo)+(eeeeeeeee+jjjjjjjjjj+1,+2222)
&input_format=full_html&token=xxxxxxxxxxxx
Is there any way to tweak the XML content profile to make this work, or should I switch the parameter to user-input/alphanumeric and add the HTML meta characters as allowed?
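Why a value like this one fails an XML well-formedness check, as an added example that is not part of the original post. Python's expat-based parser stands in for the WAF's XML parser (an assumption, since F5's parser is not shown on the page), `BODY` is a constructed form body modelled on the request above, and `form_param` and `xml_check` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed form body modelled on the request in the post (placeholders kept).
BODY = (
    'text=<b>aaa+aa.+11111</b>(<a+href="https://www.ccc.org/ddd/111/ppp.pdf">'
    'aaaa11.222</a>+-+oooooooooo)+(eeeeeeeee+jjjjjjjjjj+1,+2222)'
    '&input_format=full_html&token=xxxxxxxxxxxx'
)


def form_param(body, name):
    """Decode an x-www-form-urlencoded body and return one parameter value."""
    return parse_qs(body, keep_blank_values=True)[name][0]


def xml_check(value):
    """Parse value as a complete XML document.

    Returns (well_formed, reason, rejected_char); rejected_char is the
    character at the parser's error position, or None when parsing succeeds.
    """
    try:
        ET.fromstring(value)
        return True, "well-formed", None
    except ET.ParseError as exc:
        _line, col = exc.position  # col is a 0-based offset on a one-line value
        return False, str(exc), value[col] if col < len(value) else None


if __name__ == "__main__":
    text = form_param(BODY, "text")
    # The fragment as submitted: character data follows the first element.
    print(xml_check(text))
    # Same fragment under one root element: its tags balance, so it parses.
    print(xml_check("<root>" + text + "</root>"))
    # Ordinary HTML with an unclosed <br> is not XML even under one root.
    print(xml_check("<root>one<br>two</root>"))
```

The submitted value is rejected at the first "(" because an XML document allows only one root element and no text after it. The last check shows that free-form HTML input can fail XML parsing for other reasons as well.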