Forum Discussion

libri_elio_1583
Jun 10, 2014

XML Malformed error on ASM - handle GET/POST calls in two different ways

Hello,

I have a problem properly handling calls to an application that uses the same URL both for requests with an XML body and for GET calls with parameter=value.

To avoid a WAF block (about an XSS XML signature) I created the explicit URL (URL ALLOWED) and I created a new parameter in the URL (creating it with * and applying an XML Profile).

The problem is that in this way the WAF expects only XML calls, so if you send GET calls with user-input parameters they are blocked because the WAF sees a malformed XML. Below is an example of a blocked request:

GET /xxxxxxxxxxxx?Ticket=ST-10140-4ANIgQ3D54v7Sgzo9aBK-cas HTTP/1.1
Host: xxxxxxxxxxxx.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Chrome/35.0.1916.114
Referer: https://xxxxxxxxxxxx.com/
Accept-Encoding: gzip,deflate,SDHC
Accept-Language: en-US,en;q=0.8,en-US;q=0.6,en;q=0.4,fr-FR,q=0.2,fr,q = 0.2
Cookies: xxxxxxxxxxxx


The error is:

XML Buffer S
Description: Malformed document
Syntax Error Context
Parameter Name: ticket
Wildcard Parameter Name: *
Parameter Value: ST-10140-4ANIgQ3D54v7Sgzo9aBK-cas
XML Profile: xxxxxxxxxxxx_XML

Therefore the question is:

Can I set up the WAF to handle the same URL in two different ways? I would like to handle ONLY the body (when it exists, in POST calls) as XML.

Thank you,
Elio

1 Reply

Hi, old question, but here: You can set the profile on the URL body itself.

Security ›› Application Security : URLs : Allowed URLs ›› Allowed URL Properties. Works with wildcard URLs if needed: /yourxml/specificxml/notify/*

At the bottom (Advanced) is the point where you can attach it. Example: Order: default, Request Header Name: Any, Request Header Value: any, Request Body Handling: XML, Profile Name: Yourxmlprofile or [Create].
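As an added illustration (not code from this thread and not F5's implementation), here is a small Python model of the dispatch the reply's "Request Body Handling: XML" setting gives you: a request to the same URL is inspected as query parameters unless it is a POST that actually carries an XML body, and only that body is handed to the XML parser. The GET request mirrors the one in the question with a constructed hostname and path; the two POST requests and their XML are constructed for the example as well.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Content types for which a request body is treated as XML (assumption for this example).
XML_CONTENT_TYPES = {"application/xml", "text/xml"}


def parse_raw_request(request_text):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = request_text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def inspect(request_text):
    """Decide, per request, whether the XML profile or plain parameter checks apply.

    Returns a dict describing which inspection mode was chosen and its outcome.
    Only a POST with a non-empty body of an XML content type is parsed as XML;
    everything else (including the GET from the question) is inspected as
    query parameters, so the Ticket=... value is never fed to the XML parser.
    """
    method, target, headers, body = parse_raw_request(request_text)
    result = {"method": method, "mode": None, "params": {}, "xml_ok": None, "error": None}
    content_type = headers.get("content-type", "").split(";")[0].strip().lower()

    if method == "POST" and body and content_type in XML_CONTENT_TYPES:
        result["mode"] = "xml-body"
        try:
            # ET.fromstring only models "is the body well-formed XML"; a real
            # parser boundary should also bound entity expansion (e.g. defusedxml).
            root = ET.fromstring(body)
            result["xml_ok"] = True
            result["xml_root"] = root.tag
        except ET.ParseError as exc:
            result["xml_ok"] = False
            result["error"] = f"Malformed document: {exc}"
    else:
        result["mode"] = "query-params"
        result["params"] = parse_qs(urlsplit(target).query)
    return result


# Constructed sample requests (hostname and path are placeholders).
GET_REQUEST = (
    "GET /app/notify?Ticket=ST-10140-4ANIgQ3D54v7Sgzo9aBK-cas HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    "\r\n"
)

POST_XML_REQUEST = (
    "POST /app/notify HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: application/xml; charset=utf-8\r\n"
    "\r\n"
    "<notify><ticket>ST-10140-4ANIgQ3D54v7Sgzo9aBK-cas</ticket></notify>"
)

POST_BAD_XML_REQUEST = (
    "POST /app/notify HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: text/xml\r\n"
    "\r\n"
    "<notify><ticket>ST-10140</notify>"  # mismatched closing tag
)


if __name__ == "__main__":
    for name, req in [("GET", GET_REQUEST), ("POST xml", POST_XML_REQUEST),
                      ("POST bad xml", POST_BAD_XML_REQUEST)]:
        print(name, inspect(req))
```

Running the block shows the GET landing in `query-params` mode with `Ticket` extracted as an ordinary parameter, the well-formed POST passing the XML check, and the broken POST producing a "Malformed document" result that corresponds to the ASM event in the question, but now only for requests that really carry an XML body.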