Forum Discussion

Aantat's avatar
Aantat
Icon for Cirrus rankCirrus
Aug 01, 2023

Unable to mask XML parameter

Hello F5 experts,

I was configuring AWF policy and faced a problem with masking value of XML parameter. but without success.

I've imported XML scheme. I've configured Value Masking according to the documentation. I've tried to configure it as a Sensetive Parameter, but without success.

What am I missing? What should I set up? Where am I making a mistake?

I will be glad for any help.

    • Aantat's avatar
      Aantat
      Icon for Cirrus rankCirrus

      I followed that KB but I'm still facing same issue. It's not working

  • Hello,

    If kyou are facing a problem with masking XML parameter value in AWF policy. Imported XML scheme, configured Value Masking as per docs, and marked it as Sensitive Parameter but unsuccessful. Check XML schema alignment, review masking configuration, and test with sample XML payloads. It can be solution.

  • Hello experts,

    I'm still facing the issue with masking parameter value. I've tried lot's of combinations in Header-Based Content Profile, but no success.

    Could the problem be that the value of the Content-Type is the 'application' and not the 'xml'?

    How can I validate my XML scheme? Could the problem is wrong XML scheme?

    Added some screenshots with requests and example of configurations.

    • Aantat "Could the problem be that the value of the Content-Type is the 'application' and not the 'xml'?"

      That's correct. Your Content-Type is 'application/x-www-form-urlencoded' which will not match the *xml* Content-Type expected to trigger the XML parsing and XMl profile assisngment. Hence, the data won't be masked. 

      If all the requests to this URL are expected to be XML even if the request does not present the correct Content-Type, you can configure content-type '*form*' and treat it as an XML. 

  • When configuring value masking for an XML parameter in F5 Advanced Web Application Firewall (AWF) and encountering issues, there are several key areas to check and ensure proper setup. First, make sure the XML schema (XSD) defining your XML data structure is accurately imported and matches your actual XML data. This schema is crucial for the AWF to understand and process the XML correctly. Next, go to the AWF policy settings under Security ›› Application Security ›› Parameters ›› XML Parameters and select the specific XML parameter you want to mask. Ensure that the 'Value Masking' option is enabled for this parameter. Additionally, add this XML parameter to the list of sensitive parameters in Security ›› Application Security ›› Parameters ›› Sensitive Parameters.  Ross Listen Survey