NimbostratusSachin,
The short answer to your question "XML/JSON parameter learning is possible in response body?" is Yes.
Have you had a chance to review documentation? Specifically,
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-5-0/6.html
SOL13735 - PB identification of JSON parameter type values - http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13735.html?sr=35044458
The manual has a section on JSON parameters - http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-1-0/asm_parameters.html1048180
NimbostratusThanks Tikka.for your resonse,
1) https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-5-0/6.html this is mainly for web service having XML. In my case its JSON parameter in response, how web service policy will work here?
2) https://support.f5.com/kb/en-us/solutions/public/13000/700/sol13735.html?sr=35044458 I have used this option in past with 11.6 ver, but 12.0 ver don't have JSON/XML payload detection under security setting. No idea if this option has move to else where in ASM policy setting.
3) Configuring JSON parameters : This i have tried but not working, also under this topic its written The system validates JSON data found in requests to this parameter based on the settings you configured in the JSON profile. my understanding from this statement is that policy can only learn JSON parameter from request but not from response body. correct me if i'm wrong
Thanks Sachin
