Forum Discussion

FoleyJH_30150's avatar
FoleyJH_30150
Icon for Nimbostratus rankNimbostratus
Jul 11, 2012

ASM flagging SOAP/XML message content as URL Parameters

I have an inbound POST to my web application that uses a SOAP/XML content format. This is the first time I have had to work with this. I used Policy Builder to generate the majority of the security policy. It has correctly identified the URL's and associated parameters. However, without policy builder enabled the POST fails with illegal parameter and flags the following as a parameter:

 

 

< div>

 

 

 

 

How do I indicate to the ASM that this is content and not parameters and values.

 

 

 

Thanks in advance.

 

 

 

 

 

/DIV>

 

APM
app sec
security

6 Replies

Sort By
  • Ido_Breger_3805's avatar
    Ido_Breger_3805
    Historic F5 Account
    Jul 12, 2012
    Hi,

     

    You will need to configure an XML profile for that URL.

     

    Content profiles-XML profile- add XML profile.

     

    Then after you configure it, attach it to the URL (From the URL page -advanced - parsed as XML).

     

    Cheers,

     

    Ido
  • BT_90520's avatar
    BT_90520
    Icon for Nimbostratus rankNimbostratus
    Jul 12, 2012
    Just to add is that XML profile will need the XSD or WSDL schema to check the XML content. You can extract XSD from WSDL also. can see "Associating an XML profile with a URL" as an example in below link. There are association with parameter in the link as well

     

     

    http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_config_11_0_0/asm_xml_profile.html?sr=22670006

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jul 13, 2012
    You don't actually need to import and specify a schema in the XML profile. For some implementations, it's enough to just parse the payload or parameter value as XML--not actually validate the schema.

     

     

    Aaron
  • BT_90520's avatar
    BT_90520
    Icon for Nimbostratus rankNimbostratus
    Jul 14, 2012
    Thanks for clarifying Aaron, just another layer of checks for me.

     

    Also for info, there is xml content based routing in ltm

     

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/3.html
  • FoleyJH_30150's avatar
    FoleyJH_30150
    Icon for Nimbostratus rankNimbostratus
    Jul 23, 2012
    Thanks to all for the information. I have not had an opportunity to revisit this until now. I will implement the suggestions and see if I get the desired results.
  • FoleyJH_30150's avatar
    FoleyJH_30150
    Icon for Nimbostratus rankNimbostratus
    Jul 25, 2012
    This is resolved. Thanks to all for the help. I did have to build a new security profile in order for this to work. The original profile was build using the Production Site Deployment Scenario and not the Web Services scenario.