Forum Discussion

Janek_42109's avatar
Janek_42109
Icon for Nimbostratus rankNimbostratus
Apr 12, 2016

ASM : WSDLs and Allowed URLs List

Hello,

 

I'm using ASM module to filter XML traffic with WSDL file.

 

I have an issue with serval security policy. When creating an XML profile, i import an WSDL file and automatically there is an URI added in the Allowed URLs List based on the soap address location of the WSDL. But now i have URIs which are not related to soap address location and now present in the WSDL file.

 

I would like to know how is the Allow URLs List is actually working because from what is see it's now only based to on soap address location. Does anyone has more information about this ?

 

Is there a way to disable the automatic import of the soap address location from the WSDL file to the allowed urls list ?

 

Thank you for your help.

 

ASM Advanced WAF
security
wsdl
xml

1 Reply

Sort By
  • Tikka_Nagi_1315's avatar
    Tikka_Nagi_1315
    Historic F5 Account
    Jun 03, 2016

    The short answer to your question:

     

    Is there a way to disable the automatic import of the soap address location from the WSDL file to the allowed urls list ?

     

    is No.

     

    When you create an XML profile with WSDL validation the system automatically associates a URL or parameter with the application based on the WSDL file. AS part of the XML profile security ASM enforces compliance against XML schema files or WSDL documents. Given that the URL is part of the WSDL the only way ASM can enforce compliance is through importing the URL and not allow modification.

     

    Creating a Security Policy for Web Services:

     

    https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-6-0/6.html?sr=46616374