Forum Discussion

tuganim's avatar
tuganim
Icon for Altostratus rankAltostratus
Jul 24, 2023

Protobuf support in ASM

Hello,
We are using BIG-IP 16.1.3.4 with the ASM module. We are trying to configure an ASM policy to parse and validate parameters in protobuf payloads sent over HTTP (not gRPC). Is it possible? Can we use proto3 schemas for this?

Thanks

  • This may be an advanced question regarding product capabilities, rather than a particular configuration. I would suggest an F5 support ticket to obtain an authoritative answer from those that developed the module 🙂 A quick google search against F5s domains does not show anything of merit. So not sure if the parser supports this... have you checked the various supported technologies?

    https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/23.html

    Hope this helps? Another idea is to perform a pen test and have the results important into the F5 ASM for mitigation. Check the following for assessment tool outputs supported:

    https://f5-agility-labs-waf.readthedocs.io/en/latest/class5/module2/lab5/lab5.html

    • tuganim's avatar
      tuganim
      Icon for Altostratus rankAltostratus

      Thanks for your response. We too could not find any information regarding this topic, so we asked here.

      As for the server technologies, protobuf does not seem to be listed as an available technology.

      As for the using the output of a vulnerability scanner, unfortunately we do not use any of the supported scanners, so this is not an applicable option. Also, I guess that if protobuf is generally supported, there should be an option to configure it manually, without the need to import the results of a scanner.

      Thanks again for your response. We will try to contact the F5 support.