Forum Discussion

Cirrus

Aug 08, 2017

xml signatures

I am trying to create a simple policy for web services/xml which would scan the incoming traffic against generic and xml related violations (without format or schema checks). After creating + as...

Cirrocumulus

Aug 08, 2017

ErkkiS,

The way you have created the policy, it will only be a negative security policy, i.e. it will check for signature violations. What you won't get is any protection against XML RFC/Standards e.g. the format of the request. You would be better served by creating a policy based on the Web Services wizard and add your XSD/WSDL file to ensure proper XML validation checking.

Hope this helps,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

xml signatures

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

Webtop which has VNC for macos users

Floating IP responds from wrong VLAN/trunk

AST Configuration Assistance

expandsSubcollections and filtering in F5 SDK

Related Content

NGINX App Protect v5 Signature Notifications

Custom Attack Signatures

XML parsing by XML firewall

Disabling signature for a URL

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS