Forum Discussion
Define allowed character in ASM for JSON parameter
- Nov 03, 2021
Are you sure those are JSON values and not user-input values?
Do you have an OpenAPI Spec file to verify?
Since you are running on 15.1.2.1, as stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?
KR
Daniel
Hi
Thanks for the reply. I already had a look to this page and I also checked "character set" in "application security - Content profiles - Character sets - JSON content" and in "application security - Parameters - Character sets - Parameter Value/Name".
What I don't understand is why it's accepted when the character is in first position in the value but not when he is in second position (or more)
KR
Philippe
- Daniel_WolfNov 01, 2021MVP
Sorry, maybe I was on the wrong track.
Does this violation occur with any combination of more than one character in the value?
Or only when the f is in second position?
Or on any character in the second position?
EDIT: Did you change the Default JSON profile?
- Daniel_WolfNov 03, 2021MVP
Are you sure those are JSON values and not user-input values?
Do you have an OpenAPI Spec file to verify?
Since you are running on 15.1.2.1, as stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?
KR
Daniel
- PhilippeGNov 01, 2021Nimbostratus
It's depend the character, when I'm sending "ft" or "tf", it's occur on second character.
If I'm sending "a" it's occur on first parameter.
And what is strang is that violation occur only on parameters "fire" and "installation" even if my four parameters (fire, installation, app and credential) have the same value.
- Daniel_WolfNov 03, 2021MVP
Hi ,
I managed to reproduce your issue, but could not find a solution yet.
Which version are you on?
KR
Daniel
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com