Forum Discussion

PhilippeG's avatar
PhilippeG
Icon for Nimbostratus rankNimbostratus
Oct 25, 2021

Define allowed character in ASM for JSON parameter

I'm intercepting a POST with JSON parameter and I want to check the content but I'm not able to see where to define allowed character, length and type of each parameter I defined my parameters as J...
ASM Advanced WAF
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Nov 03, 2021

    Are you sure those are JSON values and not user-input values?

    Do you have an OpenAPI Spec file to verify?

     

    Since you are running on 15.1.2.1, as  stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?

     

    KR

    Daniel

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP

Sorry, maybe I was on the wrong track.

Does this violation occur with any combination of more than one character in the value?

Or only when the f is in second position?

Or on any character in the second position?

 

EDIT: Did you change the Default JSON profile?

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Nov 03, 2021

Are you sure those are JSON values and not user-input values?

Do you have an OpenAPI Spec file to verify?

 

Since you are running on 15.1.2.1, as  stated - if you have a OpenAPI Spec file can you create a policy "REST API Security (Open API Spec) " with the Guided Configuration?

 

KR

Daniel