I am presently trying to solve an ASM block issues concerning JSON formatted data. We have a VIP to which a ASM policy is associated. This ASM policy has a XML and JSON profile added. The ASM is blocking the JSON data with a message VIOL_JSON_MALFORMED malformed Document.The JSON data in question is
In the above data if i remove the start and end " and the \, then it passes. But the customer is not willing to do that
I used a online tool https://jsonformatter.curiousconcept.com/ to validate the format of the JSON data
In the above mentioned site, there are two JSON standard RFC's to choose from, the default is RFC 4627, with this RFC the validation fails. With RFC 7159 selected, the data is passed as a valid JSON format
I used another online tool jsonlint, where this data is marked as valid
Now my question is, what standards are used in F5 ASM for JSON validation. I could not find this information.
This is clearly an invalid JSON grammar, I have no idea how your customer is parsing this data.
Since the whole thing is in double-quotes it makes the whole structure a string, not JSON. So it fails RFC4627 straight away (JSON must start with an object, not a string).
If you remove the outer double-quotes:
then it fails both RFC4627 and RFC7159!
On a historical note - F5 ASM dates back to 2004 and RFC7159 was released in 2014, so I assume that F5 ASM's JSON parser is using RFC 4627 (F5 staff please confirm)
Please try to validate at here to just make sure.