Forum Discussion

IoF's avatar
IoF
Icon for Altostratus rankAltostratus
May 12, 2022

ASM/WAF policy - Parameter value type was determined to be "XML value" but really it is "HTML"

Hi, hoping someone can help with this issue.

F5 WAF suggested that the parameter "text" should be "XML value". I agreed and and I'm using the default XML content profile.

However the actual value looks like HTML code to me, which is not an option anywhere AFAIK. Mostly there are no issues, except for some special situations like this particular request that contains "(" and ")" characters in the value.

As a result I'm getting an error:

XML Buffer(
DescriptionMalformed document
Illegal data between tags
Context
Parameter Location

Form Data

Parameter Level

Global

Parameter Name

text

Parameter Value
***************

The request looks very similar to the one below:

POST /aaa/bbb HTTP/1.1
Host: aaa.bbb.org
Connection: keep-alive
Content-Length: 00000
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://aaa.bbb.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://aaa.bbb.org
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ************
X-Forwarded-For: 1.1.1.1

text=<b>aaa+aa.+11111+aa+aaaaaaa+111+1111+</b>(<a+href="https://www.ccc.org/ddd/111/ppp.pdf">aaaa11.222</a>+-+oooooooooo)+(eeeeeeeee+jjjjjjjjjj+1,+2222)
&input_format=full_html&token=xxxxxxxxxxxx

Is there any way to tweak the XML content profile to make this work, or should I switch the parameter to user-input/alphanumeric and add the HTML meta characters as allowed?

1 Reply

  • Pache's avatar
    Pache
    Icon for Nimbostratus rankNimbostratus

    You could define /aa/bb on the allow URLs and add to it a Header Based Content Profile:

    Request Header name: Content-Type

    Request Header Value:* application/x-www-form-urlencoded * 

    Request Body Handling: Form Data

    Profile Name: N/A

    Then you can create a parameter text and select the parameter value type to XML value. Then use the XML default content profile