
Forum Discussion

KarimBenyelloul
Jan 23, 2019

Malformed JSON data and Character encoding

Hi team,

The following POST request triggers the violation "Malformed JSON data" .

POST https://10.10.1.80/ HTTP/1.1
Content-Type: application/json; charset=iso-8859-1
Host: 10.10.1.80
Expect: 100-continue
Connection: Keep-Alive
Content-Length: 81
 
{
    "firstname":"John",
    "lastname":"Doe",
    "terminal":"12345"
}

The learning suggestion for this violation is to remove the JSON profile and "apply value and content signatures" to the URL, which is not something I want to do.

After some troubleshooting, I noticed that:

  • If I remove the "é" character from the posted data, the violation is not triggered.
  • If I remove ";charset=iso-8859-1" from the Content-Type header, the violation is not triggered either.

I would like to understand why the charset needs to be at its default value (UTF-8) for the BIG-IP to understand the "é" character.

PS: I'm in a LAB environment, on version 13.1.0.3.

Many thanks,

Karim BENYELLOUL

1 Reply

ASM is correct in blocking this request, as JSON can't be encoded in charset=iso-8859-1.

The JSON standard (RFC 7159) clearly states that:

"JSON text SHALL be encoded in UTF-8, UTF-16, or UTF-32."

Speak to the application developers, as they should be sending JSON in UTF-8 and escaping the special characters. If they question this, point them to the JSON standard.

Link to the JSON standard: https://tools.ietf.org/html/rfc7159
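The following is an added example, not code from the thread or from F5. It shows the mechanism behind both the question and the reply: a client that encodes the request body according to the declared charset emits the single byte 0xE9 for "é" under ISO-8859-1, which is not a valid UTF-8 sequence, so a parser that requires the RFC 7159 encodings rejects the body before it ever looks at the JSON structure. The same text sent as UTF-8, or with the character escaped as \u00e9, passes. The sample body (the thread's request with an accent added to the last name) and the validate_json_body() check are constructed for illustration; they are not ASM's implementation, and UTF-8 is assumed because the request carries no BOM.

```python
"""Added example (not from the original thread or from F5): why a JSON body
containing "é" is accepted when sent as UTF-8 but rejected when the same text is
sent as ISO-8859-1, and how JSON escaping sidesteps the problem.  The sample
body and the validate_json_body() check are constructed for illustration."""
from __future__ import annotations

import json

# Constructed sample, modelled on the request in the thread, with an accented
# character added to "lastname" so the encoding difference becomes visible.
BODY_TEXT = '{"firstname":"John","lastname":"Doé","terminal":"12345"}'


def encode_bodies() -> dict[str, bytes]:
    """Return the same JSON text as a client would put on the wire under three
    choices: UTF-8, ISO-8859-1 (what a client honouring 'charset=iso-8859-1'
    emits), and UTF-8 with the non-ASCII character escaped as \\u00e9, which is
    pure ASCII and therefore identical under both charsets."""
    obj = json.loads(BODY_TEXT)
    escaped = json.dumps(obj, ensure_ascii=True, separators=(",", ":"))
    return {
        "utf8": BODY_TEXT.encode("utf-8"),         # 'é' -> b'\xc3\xa9'
        "latin1": BODY_TEXT.encode("iso-8859-1"),  # 'é' -> b'\xe9'
        "escaped": escaped.encode("ascii"),        # 'é' -> b'\\u00e9'
    }


def validate_json_body(raw: bytes) -> tuple[bool, str]:
    """Check RAW the way a JSON-aware gateway must: RFC 7159 section 8.1 allows
    only UTF-8, UTF-16 or UTF-32.  UTF-8 is assumed here (hypothetical choice)
    because the request in the thread carries no BOM.  Returns (accepted, reason).
    The decode is strict, so a lone 0xE9 is rejected before JSON parsing."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return False, f"not valid UTF-8 at byte {exc.start}: {exc.reason}"
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return False, f"malformed JSON: {exc.msg} at position {exc.pos}"
    return True, "ok"


def parsed_lastname(raw: bytes) -> str | None:
    """Parse RAW if it validates and return its 'lastname' field, else None.
    Shows that the escaped form round-trips to the same Unicode string."""
    ok, _ = validate_json_body(raw)
    return json.loads(raw.decode("utf-8"))["lastname"] if ok else None


if __name__ == "__main__":
    for name, body in encode_bodies().items():
        ok, reason = validate_json_body(body)
        print(f"{name:8} {len(body):3} bytes  accepted={ok!s:5}  {reason}")
```

Running it prints one line per encoding: the UTF-8 and escaped bodies are accepted, the ISO-8859-1 body is refused as invalid UTF-8 at the byte where "é" sits. Note that the three bodies differ in length, which is also why a Content-Length computed for one charset does not carry over to another.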