Forum Discussion
Protobuf support in ASM
Hello,
We are using BIG-IP 16.1.3.4 with the ASM module. We are trying to configure an ASM policy to parse and validate parameters in protobuf payloads sent over HTTP (not gRPC). Is it possible? Can we use proto3 schemas for this?
Thanks
This may be an advanced question regarding product capabilities, rather than a particular configuration. I would suggest an F5 support ticket to obtain an authoritative answer from those that developed the module 🙂 A quick google search against F5s domains does not show anything of merit. So not sure if the parser supports this... have you checked the various supported technologies?
Hope this helps? Another idea is to perform a pen test and have the results important into the F5 ASM for mitigation. Check the following for assessment tool outputs supported:
https://f5-agility-labs-waf.readthedocs.io/en/latest/class5/module2/lab5/lab5.html
- tuganimAltostratus
Thanks for your response. We too could not find any information regarding this topic, so we asked here.
As for the server technologies, protobuf does not seem to be listed as an available technology.
As for the using the output of a vulnerability scanner, unfortunately we do not use any of the supported scanners, so this is not an applicable option. Also, I guess that if protobuf is generally supported, there should be an option to configure it manually, without the need to import the results of a scanner.
Thanks again for your response. We will try to contact the F5 support.
If the VIP is publickly available you can test the qualys community edition as it allows a web scan up to 1 url:
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com