Forum Discussion

Karim's avatar
Karim
Icon for Cirrostratus rankCirrostratus
Jan 23, 2019

Malformed JSON data and Character encoding

Hi team,

The following POST request triggers the violation "Malformed JSON data" .

POST https://10.10.1.80/ HTTP/1.1
Content-Type: application/json; charset=iso-8859-1
Host: 10.10.1.80
Expect: 100-continue
Connection: Keep-Alive
Content-Length: 81
 
{
    "firstname":"John",
    "lastname":"Doe",
    "terminal":"12345"
}

The learning suggestion for this violation is to remove the JSON profile and "apply value and content signatures" to the URL which is not something I want to do.

After some troubleshooting, I noticed that :

  • If I remove the "é" character from the posted data then the violation is not triggered.
  •  
  • If I remove the ";charset= iso-8859-1" from the Content-Type header the violation is not triggered as well.
  •  

I would like to understand why the charset needs to be at its default value (utf-8) for the bigip to understand the "é" character.

PS: I'm in LAB environment and in version 13.1.0.3.

Many thanks,

Karim BENYELLOUL

ASM Advanced WAF
security
  • samstep's avatar
    samstep
    Icon for Cirrocumulus rankCirrocumulus
    Jan 23, 2019

    ASM is correct in blocking this request as JSON can't be encoded in charset= iso-8859-1

     

    The JSON Standard (RFC7159) clearly states that:

     

    "JSON text shall be encoded in UTF-8, UTF-16, or UTF-32"

     

    Speak to the application developers as they should be sending JSON in UTF-8 and escaping the special characters. If they question this - point them to the JSON standard.

     

    Link to JSON Standard: https://tools.ietf.org/html/rfc7159