xml
28 TopicsF5 ASM XML processing - policy name.
Hello, we have an error message in logs: ASM out of memory error: event code X89 Exceeded maximum memory assigned for XML processing we have already increased both variables total_xml_memory and additional_xml_memory_in_mb to 4GB but they still appear. What i wanted to ask if its possible to identify which ASM policy generates these logs? Or which policy is responsible for the most of xml memory usage? Is it possible to create an irule that will check this and assign custom violation with policy name (and request details) that raised this violation regarding xml memory? Because as it is now we would have to further increase additional xml memory variable and maybe its better to troubleshoot why is it getting exceeded in the first place?141Views0likes5Commentslibxml2 and CVE-2024-25062
Good day All, Apologies for the silly question but I am new to F5, when I was running iHealth on my BigIP running V17.1.2.1 it flagged the above CVE-2024-25062. Is this for the version 17.1.0 - 17.1.2 which includes mine, in general? I am thinking this doesn't affect me because when I look in services (local traffic -> profiles -> services) I don't even see XML, unless I am looking in the wrong place. I also went into the command line did a find on libxml2 and xml2 and didn't find and directories. When I did a find on just xml I did find a few directories but nothing on xml2. So is it safe to say this doesn't affect me or am I wrong? Thank you in advance!! Warren224Views0likes1CommentLTM VS padding payload response with whitespaces and asterisk
I have an application that talks to an old OpenVMS system, which was problematic in permanently closing TCP connections. To resolve this issue, I have put a BIG-IP Virtual Server in between them, so the message flow is now: webMethods --> BIG-IP LTM --> OpenVMS server This has resolved the TCP connection issue, and I thought everything was good. However, the application sends XML, and the VMS system responds with the XML payload. For some reason, BIG-IP is padding the response with lots whitespaces and one asterisk * The webMethods server does not expect the * in the response and fails to process the response to the client (who originally sent the XML). So why is BIG-IP adding the * to the response payload? I've included a WireShark trace image, which shows the BIG-IP VS 10.1.4.170 responding to the webMethods server 10.1.4.225, with the payload, including lots of HEX 20 (whitespace) and one * at the end. My VS configuration uses Type Standard with all the defaults, except, of course, that I've configured the Destination Address and Service Port (3012) and added a Pool. The closes F5 article I have found is this one: K44201501: BIG-IP is padding HTTP response with additional whitespaces https://my.f5.com/manage/s/article/K44201501 However, I don't have Analytics configured on this VS, and I don't have Application Visibility and Reporting (AVR) provisioned. So, this doesn't apply, but it's a similar issue.Solved261Views0likes2CommentsIssues modifying XML content with stream profile & iRule
I've taken an iRule from another DevCentral post and modified it to fit my application. when HTTP_REQUEST { Disable the stream filter for all requests STREAM::disable LTM does not uncompress response content, so if the server has compression enabled and it cannot be disabled on the server, we can prevent the server from sending a compressed response by removing the compression offerings from the client HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { Check if response type is text if {[HTTP::header value Content-Type] contains "text/xml"}{ Replace http:// with https:// STREAM::expression {@http:\\/\\/applicationdomain@https:\\/\\/applicationdomain@} Enable the stream filter for this response only STREAM::enable } } The stream profile is successfully replacing the HTTP: with HTTPS:, but is also including the additional backslash and a Silverlight (smh) error pops up When I remove the second backslash in the iRule, the HTTP: is no longer replaced with HTTPS:, and I'm back to square one. Any ideas on what I might be doing wrong? Thanks in advance!323Views0likes1CommentDeploy BIG-IP Edge Client (iOS) with configuration string
Greetings all, I'm very new to F5 (only responsible for deploying Edge Client with MDM) and need some basic assistance. Are there any more examples available for Configuration XML strings used to deploy the Edge Client via MDM and VPP to iOS devices with connection settings already established? Specifically we are utilizing JAMF as our MDM. Apps can be given configuration settings in their deployment. I was attempting to use the below string but I'm getting an error - 'Incorrect Format'. Help is appreciated. Thanks! We are using user name and password for authentication, and it is an SSL appliance. IPv4 UserDefinedName The Name of our connection VPN AuthName $USERNAME RemoteAddress our F5 Address OnDemandMatchAppEnabled VPNSubType [com.f5.F5-Edge-Client.vpnplugin](//com.f5.F5-Edge-Client.vpnplugin) VPNType VPN403Views0likes0CommentsXML and WSDLs
Hello All, Is there a way for the BigIP to exposed the WSDLs when a client request them instead of the backend server. I have set a Security Policy, a XML profile and installed the WSDLs needed. I had a former infrastructure with IBM Datapower from where this was possible, I wonder if this is possible with the ASM module Customer request is like this GET /foobar-webservices/test?wsdl HTTP/1.1 Host: foo.bar:443 Connection: close Thank you.208Views0likes0CommentsCan I allow Buffer Overflow attack signatures in just an XML request?
The website has an upload page where people can submit receipts. The request looks like this: 4AAQSkD6RXhpZgAuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..... We have determined that the "A"s represent the white space in the image and since it is a receipt, a large area of it is white, but this is throwing the Generic buffer overflow attempt 1 attack signature due to the large sequence of "A"s. The question is if there is a way to just turn off this signature for this URI. Since the overflow false positive is in the XML I do not know of a way to do this, and we do not what to have to turn off buffer overflow signatures for the whole site. We only have one policy for the whole site and are unable to use the LTM side to split up the traffic to different policies. Thank you.564Views0likes2CommentsASM JSON/XML payload detection & Automatically detect advanced protocols
Hello team, I have a question regarding the learning suggestions, I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it then a learning suggestion rises saying "you have to associate an XML for this URL" In this article : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html The Policy Builder builds the security policy as follows: Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload detection) ...etc we can read explicitly that it is possible IF we enable the "JSON/XML payload detection" then the answer to my question is "Yes" . The problem is that I can't find this "JSON/XML payload detection" option in the GUI. Could you please help on this ? Many thanks, Karim700Views0likes3CommentsNo matches under XML_CONTENT_BASED_ROUTING
Hello! I have a requirement to match and log selected XML content under APM enabled VS I tried to follow https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/routing-based-on-xml-content.html#GUID-CB96E40C-6AA4-4B0F-A8A4-3A131BC10BB1 Here is a XML: <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"> <soap:Header> <t:RequestServerVersion Version="Exchange2007_SP1"/> </soap:Header> <soap:Body> <m:GetFolder xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"> <m:FolderShape> <t:BaseShape>IdOnly</t:BaseShape> </m:FolderShape> <m:FolderIds> <t:DistinguishedFolderId Id="root"></t:DistinguishedFolderId> </m:FolderIds> </m:GetFolder> </soap:Body> </soap:Envelope> Here is a XML profile: ltm profile xml /Common/EWS_xml { app-service none defaults-from xml namespace-mappings { { mapping-namespace http://schemas.microsoft.com/exchange/services/2006/messages mapping-prefix m } } xpath-queries { //m:getfolder/* } } Here is an iRule: when XML_CONTENT_BASED_ROUTING priority 500 { for {set i 0} { $i < $XML_count } {incr i} { if {$static::iteco_exch_debug == 1} { log local1.debug "APM: 0149FFFF:F: [ACCESS::session data get "session.user.sessionid"]: $XML_queries($i) = $XML_values($i)" } } } Unfortunately I miss something and there are no logs nor iRule event XML_CONTENT_BASED_ROUTING matches Can you help me to understand what is wrong in my configuration?Solved2.9KViews0likes21CommentsXML content based routing help
I'm trying to get some XML content based routing working, but having some difficulty. Hoping someone might help me out here. Here's my xml profile: profile xml { defaults from xml xpath queries "//FirmID" } I have an irule that has an HTTP_REQUEST block (for other URI-based routing), and then this: when XML_CONTENT_BASED_ROUTING { log local0. "XML: $XML_values(0)" switch $XML_values(0) { "199968" { log local0. "send to 10.222.248.20" node 10.222.248.20 443 } "199905" { log local0. "send to 10.206.23.172" node 10.206.23.172 443 } default { log local0. "default send to 10.222.248.21" node 10.222.248.21 443 } } } Sample XML: 199968redactedredacted872A4C348D18178525641CCD9B570954 None of my log statement in the XML_CONTENT_BASED_ROUTING ever trigger. The XML statistics show documents being inspected, but zero matches. What am I missing? Profile and irule in the comments in better formatting - can't get it to work in this post. No idea how to allow the XML code to be posted.261Views0likes1Comment