Hello F5 experts,
I was configuring AWF policy and faced a problem with masking value of XML parameter. but without success.
What am I missing? What should I set up? Where am I making a mistake?
I will be glad for any help.
If kyou are facing a problem with masking XML parameter value in AWF policy. Imported XML scheme, configured Value Masking as per docs, and marked it as Sensitive Parameter but unsuccessful. Check XML schema alignment, review masking configuration, and test with sample XML payloads. It can be solution.
I'm still facing the issue with masking parameter value. I've tried lot's of combinations in Header-Based Content Profile, but no success.
Could the problem be that the value of the Content-Type is the 'application' and not the 'xml'?
How can I validate my XML scheme? Could the problem is wrong XML scheme?
Added some screenshots with requests and example of configurations.
@Aantat "Could the problem be that the value of the Content-Type is the 'application' and not the 'xml'?"
That's correct. Your Content-Type is 'application/x-www-form-urlencoded' which will not match the *xml* Content-Type expected to trigger the XML parsing and XMl profile assisngment. Hence, the data won't be masked.
If all the requests to this URL are expected to be XML even if the request does not present the correct Content-Type, you can configure content-type '*form*' and treat it as an XML.