Forum Discussion
CirrusMetacharacters and JSON parameters
I am having problems understanding how to configure ASM for a JSON object containing 3 different parameters. I simply want to block “.” in two of the parameters. However, when creating a parameter with JSON as the value type I am no longer able to define allowed/disallowed metacharecters.
Edited
It looks as though pre 13.0 this was possible in content profiles which you could define for each individual parameter. However, in 13.0 this doesnt look possible.
12.x
13.0
2 Replies
Dev_56330By default Parse parameters is checked. By unchecking parse parameters it allows you to define metacharecters, signatures, etc.
https://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnote-asm-13-0-0.html
JSON Support and Granularity Improvements
The JSON profile now includes a new flag: parse parameters. The flag is ON by default. The parameters will be extracted if the flag is set and a JSON profile is attached to the URL or parameter. Any sensitive data, attack signatures or meta character exclusions that are defined in the JSON profile are now enforced with any similar items defined in parameters. The entire JSON profile is parsed and tokenized to parameters. The enforcement moves to the parameters and is done according to the configuration of the wildcard or explicit entity that is matched.
Only1masterbla1JSON parameterization was introduced in 13.0. You should be able to change allowed/disallowed metacharacters on per parameter basis. Pre-13.x has a very basic JSON control. I don't have 13.x yet, your findings will be interesting.
