Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Unable to mask XML parameter


Hello F5 experts,

I was configuring AWF policy and faced a problem with masking value of XML parameter. but without success.

I've imported XML scheme. I've configured Value Masking according to the documentation. I've tried to configure it as a Sensetive Parameter, but without success.

What am I missing? What should I set up? Where am I making a mistake?

I will be glad for any help.


Hi @Aantat ,

I faced same issue with AJAX profile, and one missed thing here is attaching XML profile you create in (Wildcard) HTTPS url.

You can follow below KB (K39482497) and share result with us.


I followed that KB but I'm still facing same issue. It's not working



If kyou are facing a problem with masking XML parameter value in AWF policy. Imported XML scheme, configured Value Masking as per docs, and marked it as Sensitive Parameter but unsuccessful. Check XML schema alignment, review masking configuration, and test with sample XML payloads. It can be solution.


Hello experts,

I'm still facing the issue with masking parameter value. I've tried lot's of combinations in Header-Based Content Profile, but no success.

Could the problem be that the value of the Content-Type is the 'application' and not the 'xml'?

How can I validate my XML scheme? Could the problem is wrong XML scheme?

Added some screenshots with requests and example of configurations.ar2.PNGar1.PNG

@Aantat "Could the problem be that the value of the Content-Type is the 'application' and not the 'xml'?"

That's correct. Your Content-Type is 'application/x-www-form-urlencoded' which will not match the *xml* Content-Type expected to trigger the XML parsing and XMl profile assisngment. Hence, the data won't be masked. 

If all the requests to this URL are expected to be XML even if the request does not present the correct Content-Type, you can configure content-type '*form*' and treat it as an XML.