For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohanad_313515's avatar
Mohanad_313515
Icon for Nimbostratus rankNimbostratus
Mar 25, 2019

XML data does not comply with schema & Malformed XML data

Hi Everyone   i have configure an XML profile within the BIG-IP ASM security policy to protect XML-based web traffic, but i got some alerts:   1- (XML data does not comply with schema or WSDL d...
ASM Advanced WAF
security
TMOS
Mohanad's avatar
Mohanad
Icon for Cirrostratus rankCirrostratus
Apr 01, 2019

the second issue (Malformed XML data) has been solved:

F5 added the internal parameter "allowXSIRename" that enables you to allow using a namespace prefix different from "xsi" for ";. Set this parameter to 1 to allow different names for the xsi prefix. The default value is 0 (disallow).

This WSDL document is not using the common prefix, by default the BIG-IP won't accept documents using anything other than the common prefix.

If you can't change the application to use the common prefix we can change this behavior on the BIG-IP using this command:

/usr/share/ts/bin/add_del_internal add allowXSIRename 1 bigstart restart asm

bigstart restart asm

tmsh save sys config

This will restart BIG-IP and cause a failover so please perform this in a maintenance window