Forum Discussion

Nimbostratus

Oct 25, 2021

Define allowed character in ASM for JSON parameter

I'm intercepting a POST with JSON parameter and I want to check the content but I'm not able to see where to define allowed character, length and type of each parameter I defined my parameters as J...

ASM Advanced WAF

security

Daniel_Wolf
Nov 03, 2021
Are you sure those are JSON values and not user-input values?
Do you have an OpenAPI Spec file to verify?

Since you are running on 15.1.2.1, as stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?

KR
Daniel

PhilippeG

Nimbostratus

Nov 01, 2021

Thanks for the reply. I already had a look to this page and I also checked "character set" in "application security - Content profiles - Character sets - JSON content" and in "application security - Parameters - Character sets - Parameter Value/Name".

What I don't understand is why it's accepted when the character is in first position in the value but not when he is in second position (or more)

Philippe

Daniel_Wolf
MVP
Nov 01, 2021
Sorry, maybe I was on the wrong track.
Does this violation occur with any combination of more than one character in the value?
Or only when the f is in second position?
Or on any character in the second position?

EDIT: Did you change the Default JSON profile?
- Daniel_Wolf
  MVP
  Nov 03, 2021
  Are you sure those are JSON values and not user-input values?
  Do you have an OpenAPI Spec file to verify?
  
  Since you are running on 15.1.2.1, as stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?
  
  KR
  Daniel
- PhilippeG
  Nimbostratus
  Nov 01, 2021
  It's depend the character, when I'm sending "ft" or "tf", it's occur on second character.
  If I'm sending "a" it's occur on first parameter.
  And what is strang is that violation occur only on parameters "fire" and "installation" even if my four parameters (fire, installation, app and credential) have the same value.
- Daniel_Wolf
  MVP
  Nov 03, 2021
  Hi ,
  
  I managed to reproduce your issue, but could not find a solution yet.
  Which version are you on?
  
  KR
  Daniel

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Define allowed character in ASM for JSON parameter

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Allow French characters on ASM

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

allow one url from blocks geolocation

HTTP auth - Calling external API with parameters

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS