Forum Discussion
Allow Upload of a file by extension
I am using a regular expression on the parameter I am pretty sure is the correct one, but I can still upload a file with pretty much any extension. Based on the documentation and at least one post from 2009, https://devcentral.f5.com/Default.as...aft=813995, I believe I am configuring things correctly but, I am not getting the desired results.
The file is posted as multipart form data.
-----------------------------41184676334
Content-Disposition: form-data; name="ICOrigFileName"; filename="Test.sql"
Content-Type: application/octet-stream
This is a test file. No SQL added.
-----------------------------41184676334--
Regular Expression has been enabled for the parameter "filename". My RegEx pattern is as follows: ([^\s]+(\.(doc|docx|txt|pdf|rtf|wps))$).
The .sql extension should be denied but it is not. I know I have missed something and would like some assistance. You help will be greatly appreciated.
Thanks,
TJF
- FoleyJH_30150NimbostratusGot this figured out. The policy blocking settings were not enabled for, "Parameter value does not comply with regular expression". Once this was properly set to block, the regular expression worked as expected.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com