For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KarimBenyelloul's avatar
KarimBenyelloul
Icon for Cirrostratus rankCirrostratus
Jan 23, 2019

Malformed JSON data and Character encoding

Hi team, The following POST request triggers the violation "Malformed JSON data" . POST https://10.10.1.80/ HTTP/1.1 Content-Type: application/json; charset=iso-8859-1 Host: 10.10.1.80 Expect: 10...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Jan 23, 2019

ASM is correct in blocking this request as JSON can't be encoded in charset= iso-8859-1

 

The JSON Standard (RFC7159) clearly states that:

 

"JSON text shall be encoded in UTF-8, UTF-16, or UTF-32"

 

Speak to the application developers as they should be sending JSON in UTF-8 and escaping the special characters. If they question this - point them to the JSON standard.

 

Link to JSON Standard: https://tools.ietf.org/html/rfc7159