Forum Discussion

Nimbostratus

Dec 15, 2015

Applying iRule to ASM policy - file upload form protection

So, I have found the following iRule which should block the upload of PHP files in file upload forms: when HTTP_REQUEST { if { [HTTP::header exists "Content-Disposition"] } { ...

ASM Advanced WAF

security

Stefan_Klotz

Cumulonimbus

Dec 16, 2015

Maybe I'm totally wrong, but the initial iRule has nothing to do with ASM and is based on standard LTM functions. So nothing specific to configure on ASM-side.

Try to adjust your iRule like this:

when HTTP_REQUEST {
    if { [HTTP::header exists "Content-Disposition"] } {
        log local0. "Content-Disposition: [HTTP::header value "Content-Disposition"]"
        switch -glob [HTTP::header value "Content-Disposition"] {

And verify your logs afterwards. Either the header isn't available at all or it doesn't match your switch-statements.

Ciao Stefan 🙂

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Applying iRule to ASM policy - file upload form protection

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

F5 API Security: Discovery and Protection

NGINX App Protect v5 Signature Notifications

L7 DoS Protection with NGINX App Protect DoS

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS