Forum Discussion

ErkkiS_295148's avatar
Aug 08, 2017

xml signatures

I am trying to create a simple policy for web services/xml which would scan the incoming traffic against generic and xml related violations (without format or schema checks).

 

After creating + assigning a Rapid Deployment Policy and assigning Generic + XML signatures to it will ASM check for the XML related violations? (when the XML-policy/web-services part is not configured)

 

Do I understand correctly that everything going towards application will be wildcard matched against selected signature sets (including the XML stuff which should require manual policy configuration) or do the XML signatures only apply after the manual XML policy configuration?

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    ErkkiS,

     

    The way you have created the policy, it will only be a negative security policy, i.e. it will check for signature violations. What you won't get is any protection against XML RFC/Standards e.g. the format of the request. You would be better served by creating a policy based on the Web Services wizard and add your XSD/WSDL file to ensure proper XML validation checking.

     

    Hope this helps,

     

    N