Bypass "Bad unescape" in Body POST (ASM, POST, JSON)
Here the Block. As you can see is "%" is detected without encoding meaning. This is normal since the "%" is in the Body of the post as JSON data (see below) Of course if I disable the "Bad unescape" in " Learning and Blocking Settings" it works, but my Goal is to bypass using rule on parameter or similar, till now without success. Does anyone have a solution ? ======= JSON on POST Dody Request =======================
Disable buffer overflow in json parameters
Hi In a file upload using api we allow the file name in base64 encoding. However this triggers the Generic buffer overflow attempt 1 . As of this post it seems signature at json parameter level cannot be disabled. https://devcentral.f5.com/questions/disable-attack-signature-on-particular-json-parametercomment77010 Has there been any change in this? I am using v12? In my json content profile I do not see the buffer overflow sig at all on filtering with the name.
HTTPS Monitor: JSON File behind login page
Hello, we've already a https monitor that reads the contents of a json file, it looks like this: send string: GET /intern/api/v1/health/portal-status HTTP/1.1\r\nHost: host.company.com\r\n\r\n receive strimg: \"portalStatus\":\"AVAILABLE\" this works fine. but now I need a similar monitor, but the json file is passwort protectet, when I add username/password to the monitor, it doesn't work. when I do a curl: curl -sku monitor:<pw> -H "Content-Type: application/json" -X GET https://host.company.int/monitor/wga/widgets/health.json I get the logon-page for the username/pw I tried some other parameter for curl, but I don't get the content of the json-file. Any ideas? thanks in advance
ASM JSON/XML payload detection & Automatically detect advanced protocols
Hello team, I have a question regarding the learning suggestions, I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it then a learning suggestion rises saying "you have to associate an XML for this URL" In this article : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html The Policy Builder builds the security policy as follows: Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload detection) ...etc we can read explicitly that it is possible IF we enable the "JSON/XML payload detection" then the answer to my question is "Yes" . The problem is that I can't find this "JSON/XML payload detection" option in the GUI. Could you please help on this ? Many thanks, KarimIs there ressources to mock iControlREST?
Hello all, Is there a huge zip file somewhere with a complete dump of a "classic" F5 installation with virtual servers, policies, etc. I want to mock a iControlREST for unit testing and integration testing of one of our service that use iControl REST but not with production data that can be sensitive and doesn’t belong in a CI/CD chain. Thank you!
Authorization Header Defined as Unparsable by F5_ASM
One of our development teams is adding a new OAUTH token feature to an application. Sending the JSON call with the Authorization header creates an error within F5_ASM (ver 15.13): HTTP ValidationUnparsable request content Details Unparsable authorization header value I also see that the Authorization header's data is masked, though there's no settings for the Authorization header in the policy. What are my best options for troubleshooting this issue?
REST API help Pool post
Hi all, I having problems adding the following 3 pieces of group configuration, I'm new to REST and my below POST is successful, but every time I try to add the following 3 additional requirements I get errors, how can i dd these correctly! loadBalancingMode (least conns) minActiveMembers (1) priortyGroup (2 for TESTNODE1 and 1 for TESTNODE2) curl -sk -H "X-F5-Auth-Token:5KUOFXCAENGCZ6XYNF5GKJJS4M" -H "Content-Type: application/json" -X POST https://10.10.10..10/mgmt/tm/ltm/pool -d '{"partition":"Common","name":"test","members":[{"name":"TESTNODE1:19500","address":"10.100.1.5"},{"name":"TESTNODE2:19500","address":"10.100.1.7"}],"monitor":"TEST"}' error example when I try to add priorityGroup............ {"code":400,"message":"Found invalid JSON body in the request.","errorStack":[],"apiError":1} bash-4.2$ bash-4.2$
ASM JSON login page
Hi, Trying to configure a JSON login page in ASM. The page first asks for the username and only then for the password. 1) When configuring JSON login in ASM, you must supply both the parameters( username and password), how can I configure only one? 2) In case I'ts possible to configure only one parameter, what is the best approach in this case? to configure 2 different login pages, each with one parameter( 1) password , 2)user)? Thanks, AlexQuestion on JSON Content Profiles
Hello all We are testing a new application through ASM. Some POST submissions from the client send the data in JSON format. Some responses from the server to client GET requests are also in JSON format. As ASM’s job is to protect the application is it correct to say that the settings in the JSON Content Profile are primarily concerned with analysing and enforcing the JSON data sent by the client rather than the response from the server? Or is it looking at both the request and response? Thank you
ASM Flagging JSON Payload Base 64 encoded data as a violation
Hello I have some policies that are accepting encrypted data which has then been encoded with Base64 and sent in a JSON document. However sometimes however this data gets rejected as an attack signature has been triggered. I would really like to leave Attack signature checking on the JSON profile but would like to find a way of filtering out just these signatures that get triggered without blocking legitimate traffic. Currently the URL is in Staging which is allowing them through but I should really enforce this at some point and at that time these violations will get blocked. Has anyone got any suggestions on how I could achieve this. I have been looking at iRules that would unblock a request if a certain criteria is met. James
