JSON
19 Topics

Declaration for loading Cert/PrivKey in Common
Dear F5 enthusiasts, I want to add a certificate and a private key to my F5 through an AS3 declaration under System > Certificate Management. The certificate must be placed under the /Common partition only, and no path is necessary. The declaration I created looks as follows:

    {
      "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
      "class": "AS3",
      "action": "deploy",
      "declaration": {
        "class": "ADC",
        "schemaVersion": "3.45.0",
        "id": "import-cert",
        "label": "Certificate Import",
        "Common": {
          "class": "Tenant",
          "myCertName": {
            "class": "Certificate",
            "certificate": { "base64": "<base64 encoded certificate>" },
            "privateKey": { "base64": "<base64 encoded private key>" }
          }
        }
      }
    }

But when I POST this declaration to my F5 server I get the following message back:

    {
      "code": 422,
      "errors": [ "/Common: should NOT have additional properties" ],
      "message": "declaration is invalid",
      "host": "localhost",
      "tenant": [ "Common:" ],
      "declarationId": "import-cert"
    }

I tried to find answers but couldn't find anything and I would appreciate help. Thanks in advance, Kr Xavier
Solved | 43 Views | 0 likes | 3 Comments

Bypass "Bad unescape" in Body POST (ASM, POST, JSON)
Here is the block. As you can see, "%" is detected without encoding meaning. This is normal since the "%" is in the body of the POST as JSON data (see below). Of course if I disable "Bad unescape" in "Learning and Blocking Settings" it works, but my goal is to bypass using a rule on the parameter or similar, so far without success. Does anyone have a solution?
======= JSON on POST Body Request =======
118 Views | 0 likes | 11 Comments

Disable buffer overflow in json parameters
Hi, in a file upload using the API we allow the file name in base64 encoding. However, this triggers the "Generic buffer overflow attempt 1" signature. As of this post it seems a signature at JSON parameter level cannot be disabled: https://devcentral.f5.com/questions/disable-attack-signature-on-particular-json-parametercomment77010 Has there been any change in this? I am using v12. In my JSON content profile I do not see the buffer overflow signature at all when filtering by name.
2.1K Views | 0 likes | 8 Comments

HTTPS Monitor: JSON File behind login page
Hello, we already have an HTTPS monitor that reads the contents of a JSON file. It looks like this:

    send string: GET /intern/api/v1/health/portal-status HTTP/1.1\r\nHost: host.company.com\r\n\r\n
    receive string: \"portalStatus\":\"AVAILABLE\"

This works fine. But now I need a similar monitor, but the JSON file is password protected. When I add username/password to the monitor, it doesn't work. When I do a curl:

    curl -sku monitor:<pw> -H "Content-Type: application/json" -X GET https://host.company.int/monitor/wga/widgets/health.json

I get the logon page for the username/pw. I tried some other parameters for curl, but I don't get the content of the JSON file. Any ideas? Thanks in advance
1.3K Views | 0 likes | 14 Comments

ASM JSON/XML payload detection & Automatically detect advanced protocols
Hello team, I have a question regarding the learning suggestions. I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it, a learning suggestion is raised saying "you have to associate an XML for this URL"?

In this article: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html

    The Policy Builder builds the security policy as follows: Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload detection) ...etc

we can read explicitly that it is possible IF we enable the "JSON/XML payload detection", so the answer to my question is "Yes". The problem is that I can't find this "JSON/XML payload detection" option in the GUI. Could you please help on this? Many thanks, Karim
560 Views | 0 likes | 3 Comments

Are there resources to mock iControlREST?
Hello all, is there a huge zip file somewhere with a complete dump of a "classic" F5 installation with virtual servers, policies, etc.? I want to mock an iControlREST for unit testing and integration testing of one of our services that uses iControl REST, but not with production data that can be sensitive and doesn't belong in a CI/CD chain. Thank you!
556 Views | 0 likes | 4 Comments

Authorization Header Defined as Unparsable by F5_ASM
One of our development teams is adding a new OAUTH token feature to an application. Sending the JSON call with the Authorization header creates an error within F5_ASM (ver 15.13):

    HTTP Validation: Unparsable request content
    Details: Unparsable authorization header value

I also see that the Authorization header's data is masked, though there are no settings for the Authorization header in the policy. What are my best options for troubleshooting this issue?
947 Views | 0 likes | 3 Comments

REST API help Pool post
Hi all, I am having problems adding the following 3 pieces of group configuration. I'm new to REST and my POST below is successful, but every time I try to add the following 3 additional requirements I get errors. How can I add these correctly?

    loadBalancingMode (least conns)
    minActiveMembers (1)
    priorityGroup (2 for TESTNODE1 and 1 for TESTNODE2)

    curl -sk -H "X-F5-Auth-Token:5KUOFXCAENGCZ6XYNF5GKJJS4M" -H "Content-Type: application/json" -X POST https://10.10.10..10/mgmt/tm/ltm/pool -d '{"partition":"Common","name":"test","members":[{"name":"TESTNODE1:19500","address":"10.100.1.5"},{"name":"TESTNODE2:19500","address":"10.100.1.7"}],"monitor":"TEST"}'

Error example when I try to add priorityGroup:

    {"code":400,"message":"Found invalid JSON body in the request.","errorStack":[],"apiError":1}
    bash-4.2$
    bash-4.2$

429 Views | 0 likes | 1 Comment

ASM JSON login page
Hi, I am trying to configure a JSON login page in ASM. The page first asks for the username and only then for the password.
1) When configuring JSON login in ASM, you must supply both parameters (username and password). How can I configure only one?
2) In case it's possible to configure only one parameter, what is the best approach in this case? To configure 2 different login pages, each with one parameter (1) password, 2) user)?
Thanks, Alex
880 Views | 0 likes | 4 Comments

Question on JSON Content Profiles
Hello all, we are testing a new application through ASM. Some POST submissions from the client send the data in JSON format. Some responses from the server to client GET requests are also in JSON format. As ASM's job is to protect the application, is it correct to say that the settings in the JSON Content Profile are primarily concerned with analysing and enforcing the JSON data sent by the client rather than the response from the server? Or is it looking at both the request and response? Thank you
363 Views | 0 likes | 3 Comments