Forum Discussion

FoleyJH_30150's avatar
FoleyJH_30150
Icon for Nimbostratus rankNimbostratus
Feb 20, 2012

Allow Upload of a file by extension

I am using a regular expression on the parameter I am pretty sure is the correct one, but I can still upload a file with pretty much any extension. Based on the documentation and at least one post from 2009, https://devcentral.f5.com/Default.as...aft=813995, I believe I am configuring things correctly but, I am not getting the desired results.

 

 

 

The file is posted as multipart form data.

 

 

 

-----------------------------41184676334

 

Content-Disposition: form-data; name="ICOrigFileName"; filename="Test.sql"

 

Content-Type: application/octet-stream

 

 

 

This is a test file. No SQL added.

 

 

 

-----------------------------41184676334--

 

 

 

 

Regular Expression has been enabled for the parameter "filename". My RegEx pattern is as follows: ([^\s]+(\.(doc|docx|txt|pdf|rtf|wps))$).

 

 

 

The .sql extension should be denied but it is not. I know I have missed something and would like some assistance. You help will be greatly appreciated.

 

 

 

Thanks,

 

TJF

 

  • Got this figured out. The policy blocking settings were not enabled for, "Parameter value does not comply with regular expression". Once this was properly set to block, the regular expression worked as expected.