Malformed XML

Question

Hello,&nbsp;
&nbsp;We are getting a lot of Malformed XML errors on our ASM policy, in the View Full request window I am seeing the XML, but it appears to be truncated. Should the full request window show me all of the XML, or is it that because of the truncation the ASM throws a malformed error because it is incomplete and therefore malformed?&nbsp;
&nbsp;Also I get attack signatures being triggered at the same time, but I am assuming this is again because the data is not complete so the XML parsing is being screwed up.&nbsp;
&nbsp;Finally the XML profile is schema-less, so I assume it does minimal parsing of the XML (just checking for closing tags for example)?&nbsp;
&nbsp;Thanks,&nbsp;
&nbsp;Ian&nbsp;

imac_105647 · Answer

I have solved this problem for my situation at least. I had to do a packet capture of the data to determine what was happening. The XML was not being truncated the view full request window doesn't show the whole request. It also didn't show the problem, which was that the XML had leading white space and used 	,  and 
 to format the data. I turned on the Tolerate leading white space and Tolerate malformed entities to workaround the problem. Unfortunately the application in use generates the XML automatically and the developers have little or no control over it.

hooleylist · Answer

Hi Ian, 
&nbsp;  
&nbsp; Yep, the truncated icon in the ASM GUI just indicates that the total request payload was over the maximum that ASM will record and display (maybe 8k?). 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Malformed XML

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Malformed XML data

XML parsing by XML firewall

F5 StoreFront XML Broker Monitor

Perl Ltm Config To Xml/Excel (version 3.1)

ASM working with xml compressed payloads