For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PhilippeG's avatar
PhilippeG
Icon for Nimbostratus rankNimbostratus
Oct 25, 2021
Solved

Define allowed character in ASM for JSON parameter

I'm intercepting a POST with JSON parameter and I want to check the content but I'm not able to see where to define allowed character, length and type of each parameter I defined my parameters as J...
ASM Advanced WAF
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Nov 03, 2021

    Are you sure those are JSON values and not user-input values?

    Do you have an OpenAPI Spec file to verify?

     

    Since you are running on 15.1.2.1, as  stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?

     

    KR

    Daniel

PhilippeG's avatar
PhilippeG
Icon for Nimbostratus rankNimbostratus
Nov 01, 2021

Hi  

Thanks for the reply. I already had a look to this page and I also checked "character set" in "application security - Content profiles - Character sets - JSON content" and in "application security - Parameters - Character sets - Parameter Value/Name".

What I don't understand is why it's accepted when the character is in first position in the value but not when he is in second position (or more)

KR

Philippe