For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sriram_Shanmuga

Icon for Altostratus rank

Altostratus

Sep 20, 2018

JSON Parser Attack

Hi All,

I have enabled WAF policy in blocking mode and i could see the WAF is blocking. Client is using JSON scripts and its being blocked by WAF.

How to bypass the JSON parser attack .

Thanks

application delivery

ASM Advanced WAF

2 Replies

Sriram_Shanmuga
Altostratus
Sep 20, 2018
I have enabled WAF policy and apply to a Virtual server in Transparent mode. When the user execute JSON script in Postman tool, they are thrown a support id.

Is it an expected behavior from WAF ?

Regaards RAM
OM
Altocumulus
Apr 07, 2022
enabling WAF may block requests if you don't custom your policy according to your needs.
if your json content has some special characters or any pattern that may match a signature, the request may get blocked.
you can look at the logs and see what is the reason of the blocking.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5