JSON data and illegal parameter name

Hello Expert

ASM is in blocking mode. ASM is triggering illegal parameter. When I checked the actual request, the content type is application/json and the payload looks like this: {"run-stateless":"true","data":{"variables":{"exclude_discipline":""}}}. In auto policy learning I did not check the JSON, so I believe now F5 is not able to parse JSON content. The problem is there are lots of URLs where this is happening. Now if I make the JSON profile, to which URL do I have to bind it? Or should I enable it on the wildcard URL or all URLs?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can certainly add it to the wildcard URL, but I'd recommend you create a header-based content profile to match content-type application/json and apply the JSON profile to this. The default will still be HTML.

See https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-2-0/8.html for help on this.

Hope this helps

N

0
Comments on this Answer
Comment made 28-Dec-2015 by ghost-rider 393
Thanks. I will try that. I just forgot to mention that ASM is triggering the violation 'illegal parameter' and the name is showing {"run-stateless":"true","data":{"variables":{"exclude_discipline":""}}} with no parameter value. So do you think after enabling the JSON profile, it will not treat this whole JSON string as a parameter?
0
Comment made 28-Dec-2015 by nathan 7337
I can't be certain on that. JSON can look odd in ASM. The profile enables ASM to better protect the JSON payload really. See how you get on.
0
Comment made 28-Dec-2015 by ghost-rider 393
Still I am getting lots of illegal parameter violations. I think I have no choice but to uncheck the block setting for illegal parameter, or create a wildcard parameter to accept them :(
0
Comment made 29-Dec-2015 by ghost-rider 393
Nathan, can you please give me a heads-up on how to test if ASM is parsing JSON correctly? Also, I applied the JSON profile to the wildcard URL. I have all the explicit URLs there in Allowed URLs as well. Is this the right way to do it, or do I have to apply it to all individual URLs?
0
Comment made 29-Dec-2015 by nathan 7337
Only apply to wildcard if the content based header is set to JSON profile and the default is HTML. Not sure how to easily test JSON in ASM. You'd need to use a tool like Fiddler and try to create a bad JSON payload.
0
Comment made 21-Jan-2016 by Mike Maher 410
Not sure if you got this fully sorted out or not, but the reason you were seeing all the Illegal Parameters was because you didn't have a JSON content profile applied to tell ASM how to parse the data. The same thing can happen with XML. Normally once you apply the content profile to the URL or parameter the strange blocks go away. In your case I would say apply a JSON profile to all URLs that are seeing those strange Illegal Parameter blocks. Also keep in mind when wildcarding (either URLs or parameters) that the ASM evaluates the request based on the most specific entry you have in the policy. So if you have /website/*.html and have a JSON profile there, but also have /website/index.html and do not have a profile on that URL, you will still see blocks because the ASM will parse based on the settings in the more specific entry. Hope this helps
1
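
Added example (not part of the thread and not F5 code): a Python standard-library sketch of why a generic form-urlencoded parser reports the whole JSON body from the question as one parameter name with an empty value, while a parser selected by Content-Type sees individual fields. The function names and the dotted field naming are assumptions made for illustration; this does not reproduce ASM's internal parsing.

```python
import json
from urllib.parse import parse_qsl

# Request body quoted in the question above.
BODY = '{"run-stateless":"true","data":{"variables":{"exclude_discipline":""}}}'


def parse_as_form(body):
    """Parse as application/x-www-form-urlencoded (name=value&name=value)."""
    # The JSON body has no '=' or '&', so it becomes a single name, empty value.
    return parse_qsl(body, keep_blank_values=True)


def flatten_json(node, prefix=""):
    """Walk parsed JSON and yield (dotted_name, value) for every leaf."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten_json(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten_json(value, f"{prefix}[{index}]")
    else:
        yield prefix, node


def parse_by_content_type(content_type, body):
    """Choose the parser from the Content-Type header; default is form parsing."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/json":
        try:
            return list(flatten_json(json.loads(body)))
        except json.JSONDecodeError:
            return None  # malformed JSON is a parser-level reject, not a parameter
    return parse_as_form(body)


if __name__ == "__main__":
    print("form parser:", parse_as_form(BODY))
    print("json parser:", parse_by_content_type("application/json", BODY))
    print("bad json   :", parse_by_content_type("application/json", '{"run-stateless":'))
```

The last call uses a constructed truncated payload, the kind of bad JSON suggested above for checking that the JSON parser is the one handling the request.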