cancel
Showing results for 
Search instead for 
Did you mean: 

XML parsing by XML firewall

Vladimir_Shishk
Altocumulus
Altocumulus

Good day.
I have a financial application behind my F5 (i2800) and I need to search specific fields in XML body of requests/responses to/from this application and log theese pairs (one value from request, another - from corresponding response) to the remote HSL. Such a simple anti-fraud system.

I know this can be done via iRule, but can I use XML firewall in ASM to realize it?
I don't want to use an iRule because it's not scalable and number of these pairs of XML fields I need to parse and log will grow quite rapidly.

Thank you.

1 ACCEPTED SOLUTION

AubreyKingF5
Community Manager
Community Manager

You can DEFINITELY use ASM / AWAF to inspect XML. ASM has an option to upload a WSDL to build policy from when you're doing explicit XML firewalling. The only thing that a true-to-form XML Firewall does that ASM does not is XML transformation. This may have changed in more recent AWAF versions, unbeknownst to me.

View solution in original post

2 REPLIES 2

AubreyKingF5
Community Manager
Community Manager

You can DEFINITELY use ASM / AWAF to inspect XML. ASM has an option to upload a WSDL to build policy from when you're doing explicit XML firewalling. The only thing that a true-to-form XML Firewall does that ASM does not is XML transformation. This may have changed in more recent AWAF versions, unbeknownst to me.

Thank you for your answer, Aubrey,

Bu how can I send these parsed values to an external HSL server?

Should I use an iRule for this?