The following POST request triggers the violation "Malformed JSON data".
POST https://10.10.1.80/ HTTP/1.1
Content-Type: application/json; charset=iso-8859-1
The learning suggestion for this violation is to remove the JSON profile and "apply value and content signatures" to the URL, which is not something I want to do.
After some troubleshooting, I noticed that:
If I remove the "é" character from the posted data then the violation is not triggered.
If I remove the ";charset= iso-8859-1" from the Content-Type header, the violation is not triggered either.
I would like to understand why the charset needs to be at its default value (utf-8) for the BIG-IP to understand the "é" character.
PS: I'm in a LAB environment and on version 126.96.36.199.
ASM is correct in blocking this request as JSON can't be encoded in charset= iso-8859-1.
The JSON Standard (RFC7159) clearly states that:
"JSON text shall be encoded in UTF-8, UTF-16, or UTF-32"
Speak to the application developers as they should be sending JSON in UTF-8 and escaping the special characters. If they question this - point them to the JSON standard.
Link to JSON Standard: https://tools.ietf.org/html/rfc7159
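An added example, not part of the original posts and not a model of ASM's internal parser: a strict UTF-8 JSON consumer, as the RFC quote above implies, run against the same document encoded three ways. The sample payload and the function names are assumptions, since the thread does not show the posted body.

```python
import json

# Constructed sample payload; the field name and value are assumptions,
# the thread does not show the body that was actually posted.
DOC = {"name": "caf\u00e9"}


def parse_strict_utf8(body: bytes):
    """Parse a JSON body as a strict consumer would: UTF-8 only.

    Returns (parsed_object, None) on success or (None, reason) on failure.
    """
    try:
        text = body.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        bad = body[exc.start]
        return None, f"invalid UTF-8 at byte offset {exc.start}: 0x{bad:02x}"
    try:
        return json.loads(text), None
    except json.JSONDecodeError as exc:
        return None, f"malformed JSON: {exc.msg}"


def encode_variants(doc):
    """Serialize the same document the three ways discussed in the thread."""
    raw = json.dumps(doc, ensure_ascii=False)     # keeps the literal e-acute
    escaped = json.dumps(doc, ensure_ascii=True)  # emits \u00e9 instead
    return {
        "latin1_raw": raw.encode("iso-8859-1"),   # e-acute becomes the single byte 0xE9
        "utf8_raw": raw.encode("utf-8"),          # e-acute becomes 0xC3 0xA9
        "ascii_escaped": escaped.encode("ascii"), # pure ASCII, charset-independent
    }


if __name__ == "__main__":
    for label, body in encode_variants(DOC).items():
        obj, err = parse_strict_utf8(body)
        status = "ok" if err is None else err
        print(f"{label:14} {body!r:30} -> {status}")
```

The escaped form decodes to the same text under iso-8859-1 and utf-8, which is why escaping special characters removes the dependency on the declared charset.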
Many thanks samstep!