Forum Discussion

AlsDevC's avatar
AlsDevC
Icon for Altocumulus rankAltocumulus
May 03, 2023

Handle False Positive for files upload

Hi folks,  I'm wondering how to handle uploading files through XC. For example, I have a URL used for uploading files to a web application, say /upload. The files appear to be scanned by XC which d...
  • Sudhir_Patamsetti's avatar
    Sudhir_Patamsetti
    May 03, 2023

    Yes, the reocmmendation is to leave it "enabled" ( the feature is enabled in the default policy ).

    Regarding the comment "lowered the level of protection against SQL Injection type attacks" , could you please open a support ticket with the details ? We will review and make improvements as needed to the model

Stephen_Archer's avatar
Stephen_Archer
Icon for Employee rankEmployee
May 03, 2023

Hi AlsDevC.

If you look at the Security Events in the Security Dashboard and find the event that you believe to be false-positive, then click the `...` in the `Actions` column:

You have the option to `Create WAF Exclusion rule`.  This will take you to the 'WAF Exclusion Rules` section of the Load-Balancer configuration, and pre-populate the configuration for you, to disable the signature on the specific URL.  

Hope that helps.