Would the AWAF parse JSON in a http responses?

Question

Hi;&nbsp;I know that the AWAF did not do it in version 12. I thought I would ask to see if the JSON data in HTTP responses can be parsed now.&nbsp;&nbsp;KindlyWasfi

greasy_pretzel · Answer

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/logging-application-security-events.html

About logging responses

If you enable response logging in the logging profile, the system can log only responses that include the following content headers:

"text/..."
"application/x-shockwave-flash"
"application/sgml"
"application/x-javascript"
"application/xml"
"application/x-asp"
"application/x-aspx"
"application/xhtml+xml"
"application/soap+xml"
"application/json"

The system cannot log other responses.

If your response have the "application/json" then system should log the response.

The manual for v12.1.x says the same.

ivan_chernenkii · Answer

AWAF doesn't parse JSON data in HTTP responses.For what use case do you need it?Can attack signatures in response solve your problem?

Forum Discussion

Would the AWAF parse JSON in a http responses?

2 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

Related Content

Json parsing with iRules

Introduction of Incident Response

Parsing F5 BIG-IP LTM DNS profile statistics and extracting values with Python

custom response page for api

Parse username from server response