No matches under XML_CONTENT_BASED_ROUTING
Hello! I have a requirement to match and log selected XML content under APM enabled VS I tried to followhttps://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/routing-based-on-xml-content.html#GUID-CB96E40C-6AA4-4B0F-A8A4-3A131BC10BB1 Here is a XML: <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"> <soap:Header> <t:RequestServerVersion Version="Exchange2007_SP1"/> </soap:Header> <soap:Body> <m:GetFolder xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"> <m:FolderShape> <t:BaseShape>IdOnly</t:BaseShape> </m:FolderShape> <m:FolderIds> <t:DistinguishedFolderId Id="root"></t:DistinguishedFolderId> </m:FolderIds> </m:GetFolder> </soap:Body> </soap:Envelope> Here is a XML profile: ltm profile xml /Common/EWS_xml { app-service none defaults-from xml namespace-mappings { { mapping-namespace http://schemas.microsoft.com/exchange/services/2006/messages mapping-prefix m } } xpath-queries { //m:getfolder/* } } Here is an iRule: when XML_CONTENT_BASED_ROUTING priority 500 { for {set i 0} { $i < $XML_count } {incr i} { if {$static::iteco_exch_debug == 1} { log local1.debug "APM: 0149FFFF:F: [ACCESS::session data get "session.user.sessionid"]: $XML_queries($i) = $XML_values($i)" } } } Unfortunately I miss something and there are no logs nor iRule eventXML_CONTENT_BASED_ROUTING matches Can you help me to understand what is wrong in my configuration?Solved2.6KViews0likes21CommentsHTTP Post SOAP XML monitor with data
I need to set up an HTTP POST monitor that makes a call via SOAP XML, sends some data and I will handle the result, doing the test with CURL works 100%, however, when I configure the HTTP monitor or test using "echo -ne", the header with the data is not forwarded at all. I'm using version 14.1.2.3 1) Below the test via CURL successfully: curl -X POST "http://10..10.10.10:9080/aaa/services/ARService?server=mlt3ho0700&webService=MonitorarServico" -H 'Content-Type: text/xml; charset=UTF-8' -H 'SOAPAction: urn:MonitorarServico/monitorarServico' -d '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:MonitorarServico"><soapenv:Body><urn:monitorarServico><urn:tipoOperacao>monitorarServico</urn:tipoOperacao><urn:nomeServidor>mlt3ho0740</urn:nomeServidor><urn:portaAplicacao>9080</urn:portaAplicacao><urn:nomeUsuario>TEST</urn:nomeUsuario></urn:monitorarServico></soapenv:Body></soapenv:Envelope>' Answer OK <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><ns0:monitorarServicoResponse xmlns:ns0="urn:MonitorarServico" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ns0:codRetorno>0</ns0:codRetorno> <ns0:msgRetorno>UP</ns0:msgRetorno> </ns0:monitorarServicoResponse></soapenv:Body></soapenv:Envelope> 2) Test when configuring the HTTP monitor or using echo -ne (echo -ne "POST http://10.10.10.10:9080/arsys/services/ARService?server=mlt3ho0700&webService=MonitorarService \r\n HTTP/1.1\r\nContent-Type: text/xml;charset=utf-8\r\nSOAPAction: urn:MonitorarServico/monitorarServico\r\n\r\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"xmlns:urn=\"urn:MonitorarServico\"><soapenv:Body><urn:monitorarServico><urn:tipoOperacao>monitorarServico</urn:tipoOperacao><urn:nomeServidor>mlt3ho0740</urn:nomeServidor><urn:portaAplicacao>9080</urn:portaAplicacao><urn:nomeUsuario>TEST</urn:nomeUsuario></urn:monitorarServico></soapenv:Body></soapenv:Envelope>\r\n"; cat) | nc 10.80.41.92 9080 Answer NOT OK <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.userException</faultcode><faultstring>org.xml.sax.SAXParseException; Premature end of file.</faultstring><detail><ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">mlt3ho0740</ns1:hostname></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope> Ncat: Broken pipe. Has anyone ever needed to do something in this direction that can help me? I tried to do a test using JSON and faced the same problem, in this case, example I used the BIG-IP itself.Solved1.7KViews0likes2CommentsBigIP ASM Problems with FileUploads with SOAP
Hi there, actually my ASM Policy is blocking a file upload for one application with the error message: HTTP protocol compliance failed Chunks number exceeds request chunks limit: 1000 I raised the chunks limit blindly from 1000 to 1500 with no success. Where I can see the actually number of chunks without capturing the traffic? After disabling the funktion "Unparsable request content" Upload went through without a problem. But from the notice I would stick this on? Note that disabling this check can result in losing many enforcement features in the ASM. Sametime I get the following syslogs: ASM out of memory error: event code X242 Exceeded maximum memory assigned for XML/JSON processing Cannot allocate 27415074 more bytes for XML parser. current memory size 837505174 (in bytes) As you can see I raised the available memory for XML request from 450MB (default) to nearly the double.1.4KViews0likes14CommentsXML parsing by XML firewall
Good day. I have a financial application behind my F5 (i2800) and I need to search specific fields in XML body of requests/responses to/from this application and log theese pairs (one value from request, another - from corresponding response) to the remote HSL. Such a simple anti-fraud system. I know this can be done via iRule, but can I use XML firewall in ASM to realize it? I don't want to use an iRule because it's not scalable and number of these pairs of XML fields I need to parse and log will grow quite rapidly. Thank you.Solved1.2KViews0likes2CommentsMalformed XML data
Hi all, have xml request like below ASM was detect this request as XML parser attack (Malformed XML data). In policy XML profile is Default When delete all <value> and <field>, request is ok BI It's by desing with default XML profile? is there a solution that would allow the request to be resolved given with this <value> and <field>. Thx799Views0likes1CommentCache based on SOAP XML Envelope content
Hi guys! We got a tricky question from our developers. They have a service which gets a bit too much traffic and would like to cache the responses for around 10 seconds based on the content in the envelope tag of a SOAP request. I have an idea but I'd like to check with you guys first before starting to look into it properly. So here's the sample SOAP request (could not paste it here so I needed to use tny): http://tny.cz/bbfdf261 My idea is to parse the SOAP request and create an URI out of the envelope content and cache the request based on the URI: https://subdomain.domain.com/PartnerService/PartnerServices.svc?FetchLiveMarkets=1&siteid=1&numberofmarkets=10&timezonename&gmtstandardtime&partnerref=1 Looking into either using HTTP::payload or the XML commands (not sure if I can trust them in production though as it requires an EA license. The alternative is to throttle the incoming requests and limit them to 1 per second but I prefer not to go down that route if the caching works. Perhaps there's a better way? Grateful for any ideas, suggestions or even warnings. :) Kind regards, Patrik609Views0likes3CommentsASM JSON/XML payload detection & Automatically detect advanced protocols
Hello team, I have a question regarding the learning suggestions, I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it then a learning suggestion rises saying "you have to associate an XML for this URL" In this article : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html The Policy Builder builds the security policy as follows: Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload detection) ...etc we can read explicitly that it is possible IF we enable the "JSON/XML payload detection" then the answer to my question is "Yes" . The problem is that I can't find this "JSON/XML payload detection" option in the GUI. Could you please help on this ? Many thanks, Karim499Views0likes3CommentsXML Content Based Routing
I am trying to configure my LTM to send VS requests to a specific pool based on the content of an XML document. The XML contains an 'orgName' which is essentially a customer identification number. I want to compare the orgName with the contents of a data group and if there is a match send the request to pool_A else send the request to the pool_B. Any help would be greatly appreciated!475Views0likes7CommentsCan I allow Buffer Overflow attack signatures in just an XML request?
The website has an upload page where people can submit receipts. The request looks like this: 4AAQSkD6RXhpZgAuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..... We have determined that the "A"s represent the white space in the image and since it is a receipt, a large area of it is white, but this is throwing the Generic buffer overflow attempt 1 attack signature due to the large sequence of "A"s. The question is if there is a way to just turn off this signature for this URI. Since the overflow false positive is in the XML I do not know of a way to do this, and we do not what to have to turn off buffer overflow signatures for the whole site. We only have one policy for the whole site and are unable to use the LTM side to split up the traffic to different policies. Thank you.451Views0likes2Comments