Support » Plugins » Hacks » How to let xmlrpc go through WAF's checking

  • Hi all,
    I think this question is easy to programmer,i can not post it on code layout. So i post it at here. Thanks.

    I have a wordpress blog site beyond F5’s web application firewall(named ASM),there is a function that define xml profile to protect xml traffic.

    I use wordpress client on ipad to access the blog,but i found the xml post request was denied by F5 ASM as i never define any xml profile before on ASM,so ASM treat the post as normal data and reported there are illegal meta character in post content (eg. <” etc.). So now,i must go to define the xml profile,but in ASM xml profile setting page,it need me upload a schema of xml. How can i get the schema of wordpress? Or any idea on setting this function. Very very thanks.

    Below are the post data that from wordpress client.

    POST /xmlrpc.php HTTP/1.1
    Host: www.****.net
    User-Agent: wp-iphone/2.6.1
    Content-Type: text/xml
    Content-Length: 263
    Accept: */*
    Accept-Language: zh-cn
    Accept-Encoding: gzip, deflate
    Connection: keep-alive

    <?xml version=”1.0″?><methodCall><methodName>wp.getPageStatusList</methodName><params><param><value><string>1</string></value></param><param><value><string>admin</string></value></param><param><value><string>password</string></value></param></params></methodCall>

    Here is the screen snapshot of ASM xml profile setting:

  • The topic ‘How to let xmlrpc go through WAF's checking’ is closed to new replies.