Forum Discussion
Risk excepting "xml data does not comply with schema or wsdl document"
I have set up an XML Profile and am getting some requests blocked due to "xml data does not comply with schema or wsdl document". After analysing the requests: if my SOAPAction header is blank the request is blocked, while if it comes as a URL it works. The W3S specification says: "The header field value of empty string ("") means that the intent of the SOAP message is provided by the HTTP Request-URI. No value means that there is no indication of the intent of the message." So I believe F5 should be respecting all the possible values here, but in reality it's not. I can add an exception in the violation settings but am not sure of the risk incurred. Can anyone please help here?
- samstep
Cirrocumulus
Adding an exception means that you can miss an attack. If you believe that the culprit is the empty SOAPAction header, then it might make sense to remove it with an iRule, if it is empty, before the request hits the ASM policy.
The empty SOAPAction header is a bit of a grey area really, coming from a 17-year-old spec dated year 2000, while the HTTP spec from 1999 says that each header must have a value...
You may have hit an interesting case, I suggest that you raise a support case with F5 with examples of ASM behaviour you are observing with SOAPAction being empty, having two sets of double-quotes and the action as value.
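A sketch of the iRule approach suggested in the reply above, as an added example that is not part of the original posts and not F5's code. It separates the three SOAPAction forms discussed in the thread (no value, `""`, and an action URI), logs the first two so they can be attached to a support case, and removes only the no-value header. It assumes the backend accepts requests without a SOAPAction header and that the iRule is attached to the virtual server carrying the ASM policy.

```tcl
# Added example: normalise SOAPAction before the request reaches the ASM policy.
when HTTP_REQUEST {
    # Requests with no SOAPAction header at all are left untouched.
    if { ![HTTP::header exists "SOAPAction"] } {
        return
    }

    # Header value with surrounding whitespace stripped.
    set action [string trim [HTTP::header value "SOAPAction"]]

    if { $action eq "" } {
        # Header present with no value: "no indication of the intent of the message".
        # Record it, then drop the header so the XML profile no longer sees it.
        log local0.info "SOAPAction with no value from [IP::client_addr] for [HTTP::path]; header removed"
        HTTP::header remove "SOAPAction"
    } elseif { $action eq "\"\"" } {
        # Quoted empty string: intent is given by the HTTP Request-URI.
        # Left in place; logged only so the ASM result can be compared per case.
        log local0.info "SOAPAction is \"\" from [IP::client_addr] for [HTTP::path]"
    }
    # Any other value (an action URI) passes through unchanged.
}
```

Unlike a violation exception, this leaves schema and WSDL validation of the request body enforced for every request.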