XML base64 namespace and attack signatures

Question

I have a XML/SOAP application where ASM causes a high number of false positives on the attack signatures.&nbsp;
The main culprit is a namespace which is base64 encoded (embedded picture) where the combination of characters often matches a signature.&nbsp;
Is there a way to disable/unblock signatures when they creates a violation on this specific namespace? &nbsp;
I was thinking of fixing up an iRule but I don't know how to make the match between the namespace and a signature violation.&nbsp;

boneyard · Answer

do you have a XML profile attached? does it recognize the name space as variable?&nbsp;

lnxgeek · Answer

Hmm didn't think of that.&nbsp;
I've only used the WSDL file. &nbsp;
I still don't see how I can match the signature violation with the element?&nbsp;

Forum Discussion

XML base64 namespace and attack signatures

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

How to Split DNS with Managed Namespace on F5 Distributed Cloud (XC) Part 1 – DNS over HTTPS

Exploring Kubernetes API using Wireshark part 2: Namespaces

Perl ARX Namespace

ARX Namespace Info

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS