ASM - Block Extension @ File upload

Question

I want to block any extension from being uploaded to my Website , i want to allow only   ".pdf" extension to be uploaded .
I cann't used allowed / Disallowed file types as this looks on URI , am i right ?
File upload here is @ a parameter called  "FileGet " ...  how to do that ? regular expression under parameter or what ?&nbsp;

mike_maher · Answer

Use a regular expression to control the value of the parameter (if the value is the file name). This should work, and it is easy to add more file extensions if you like, below I am allow for .pdf and .doc. &nbsp;
(?i).(pdf|doc)$&nbsp;
You will probably also have a parameter that is the actual file upload make sure to set that parameter as a file upload value and check the box to say no .exe. I would also recommend using the feature to offload AV scanning of the file to a Scan Engine of some sort. &nbsp;

torti · Answer

To check for an extension is no save way to allow only pdf files. You have to look into the file or a pdf-file can be something else.&nbsp;

torti_93733 · Answer

To check for an extension is no save way to allow only pdf files. You have to look into the file or a pdf-file can be something else.&nbsp;

mike_maher · Answer

Agreed. This is just checking that someone doesn't accidentally submit something else, you want to use the AV integration to check for malicious files.  I am not sure if the the no .exe's check box actually looks at the file or just the extension.

Torti - From a Big-IP standpoint do you have any suggestions on how to check into the file to determine what it really is?  I don't know of any way to do that on the Big-IP but would be interested in any thoughts on the subject.

mike_maher · Answer

Agreed. This is just checking that someone doesn't accidentally submit something else, you want to use the AV integration to check for malicious files.  I am not sure if the the no .exe's check box actually looks at the file or just the extension.

Torti - From a Big-IP standpoint do you have any suggestions on how to check into the file to determine what it really is?  I don't know of any way to do that on the Big-IP but would be interested in any thoughts on the subject.

Forum Discussion

ASM - Block Extension @ File upload

8 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

SSL Orchestrator Service Extensions: DoH Guardian

WAF - Allow uploads of only files with certain extensions and block all other file uploads

Service Extensions with SSL Orchestrator: SaaS Tenant Isolation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS