Forum Discussion

Brett_Kopetsky's avatar
Brett_Kopetsky
Icon for Nimbostratus rankNimbostratus
Dec 16, 2020

Nameless JSON parameter in ASM

We're trying to parse JSON objects for parameters in our ASM policy. The content type is application/json. On one of our API endpoints, we receive payload that looks like this:

["sensitive data here"]

I believe this is technically valid JSON as a bare array. It seems that the ASM expects everything to be a key-value pair. How do I parse this payload into a parameter so that I can then mark that parameter for exclusion from logs?

application delivery
ASM Advanced WAF
security
  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Dec 23, 2020

    Hello Brett,

     

    You are right - this is valid JSON, and ASM parses it correctly as valid JSON, but currently there is no way to parse such JSON body as parameter and make it masked.

    Could you open SR for it?

     

    Thanks, Ivan