Forum Discussion

Nimbostratus

Dec 15, 2015

Applying iRule to ASM policy - file upload form protection

So, I have found the following iRule which should block the upload of PHP files in file upload forms: when HTTP_REQUEST { if { [HTTP::header exists "Content-Disposition"] } { ...

ASM Advanced WAF

security

sbobic_232506

Nimbostratus

Dec 17, 2015

Disallowing file types will make the web app inaccessible as it's made in PHP. Plus, as a pentester, I would like to have full control in order to block all file upload vulnerabilities(.php3, .phps, exif data, .htaccess shells etc)

All of my logs(illegal, and all requests) at Security > Event Logs > Application > Requests are empty. Maybe because I have set automatic learning mode, and I've started building the policy just yesterday.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Applying iRule to ASM policy - file upload form protection

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

Related Content

L7 DoS Protection with NGINX App Protect DoS

F5 API Security: Discovery and Protection

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

NGINX App Protect v5 Signature Notifications

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS