Forum Discussion
rmoss25
Altostratus
AltostratusASM and OPSWAT Metadefender Blank Page after file upload
Hi, I am trying to integrate F5 ASM WAF with OPSWAT metadefender but when I try and upload and EICAR file browser just shows a blank white page. I am using a default security policy in blocking mod...
websec
Nimbostratus
NimbostratusTo answer your questions:
- v15.1.1
- See image
- It's an AJAX request. Here is the full post:
Invoke-WebRequest -Uri "https://www.website.com/api/fdf/form/posttask" `
-Method "POST" `
-Headers @{
"Accept"="application/json, text/javascript, */*; q=0.01"
"X-DIF-APIKEY"="101D9BEF-F159-4470-BB9C-D6C30AC12F77"
"X-Requested-With"="XMLHttpRequest"
"X-DIF-CAT"="asrnl"
"User-Agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36"
"Origin"="https://www.website.com"
"Sec-Fetch-Site"="same-origin"
"Sec-Fetch-Mode"="cors"
"Sec-Fetch-Dest"="empty"
"Referer"="https://www.website.com/uploadtest"
"Accept-Encoding"="gzip, deflate, br"
"Accept-Language"="en-US,en;q=0.9,nl;q=0.8"
"Cookie"="CID=AgAAADeLJKEDWTAfH9/3824Y1hU=; _vwo_uuid_v2=D79FABC26D88B00181DA273DE0FA01732|a3af3f7fde6cd39080de5466a00b3dcc; _ga=GA1.2.239643387.1565878568; _vwo_uuid=D50512767714774C8FD6FFC6562EDC54B; adblockerconsent=accept; __utma=129357340.239643387.1565878568.1608811504.1608811504.1; __utmz=129357340.1608811504.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cookieconsent=accept; _gid=GA1.2.274112240.1613403340; ASP.NET_SessionId=hwmx0noyheme4rnswzv50id3; nl__api_fdf=rd4o00000000000000000000ffff0a91c064o80; TS010f430c=0153897e825a2d8b6291176f68b75aaf38f80657ede5e3f6bbe9bfa8fd9958326c5f9a67b53a459b1d313fcf0918ec81b2d7b973a4d223de578505ef34c9804e8b7e3ecb06; SC_ANALYTICS_GLOBAL_COOKIE=4f642f1b13ce4ac297873cf1930adca6|True; TS01a8b93c=0153897e82b55b18155e0864755a38a87583565c16b4de3683dc0af8c9810f6079d6fb77930892c6e373d5a82a42a6c3f98f6624de646aeaf24c2d498d24ffa27ce04ecc2c8f60ac56b421840003788a267e11d7ff; TS01931511=0153897e820cbfb068962d6c813f63d0f743dcabce96abc4bc18a75c5a18fad5d4c0149dc659de8455dc119c5a859f6baf598bc370ae8bddfb942aa7b3f7620b9f3f75a56a; OPTOUTMULTI=0:0|c1:1|c4:1; utag_main=v_id:016c95a2c1590021a53a8afa54900306d003606500c48`$_sn:36`$_se:67`$_ss:0`$_st:1613563167708`$dc_visit:14`$recommender_test:1`$ses_id:1613559424231%3Bexp-session`$_pn:16%3Bexp-session"
} `
-ContentType "multipart/form-data;
boundary=
----WebKitFormBoundaryhaOvsgi1vu8EAy5L
" `-Body ([System.Text.Encoding]::UTF8.GetBytes("
------WebKitFormBoundaryhaOvsgi1vu8EAy5L
$([char]13)$([char]10)Content-Disposition: form-data; name=`"data`"$([char]13)$([char]10)$([char]13)$([char]10){`"Title`":`"upload_test`",`"Token`":`"f09e16fb-bde7-4d0f-9e91-004830b6c697`",`"FutureVersion`":false,`"LastUpdate`":`"a7d659b8-6ce3-4223-abf8-2879a7290648`",`"Trigger`":`"1_b_Verder`",`"FormInput`":[{`"Key`":`"rResultCode`",`"Soort`":`"tekst`"},{`"Key`":`"rMeldingenCode`",`"Soort`":`"tekst`"},{`"Key`":`"rMeldingen`",`"Soort`":`"tekst`"},{`"Key`":`"1_v_file`",`"Soort`":`"file_upload`",`"Waarde`":`"eicar.txt`"}]}$([char]13)$([char]10)
------WebKitFormBoundaryhaOvsgi1vu8EAy5L
$([char]13)$([char]10)Content-Disposition: form-data; name=`"eicar.txt`"; filename=`"eicar.txt`"$([char]13)$([char]10)Content-Type: text/plain$([char]13)$([char]10)$([char]13)$([char]10)$([char]13)$([char]10)
------WebKitFormBoundaryhaOvsgi1vu8EAy5L
--$([char]13)$([char]10)"));
4 No Brute force or session awareness. Web Scraping is renamed to Bot Defense after v14, we also do not use that
thx
Ivan_ChernenkiiEmployee
Thanks for the info.
Do you have single-page application?
If YES, then you need to enable single_page_application system variable on "Security ›› Options : Application Security : Advanced Configuration : System Variables" page.
Also, most probably, you need to enable Ajax Blocking Behavior in Blocking Response Pages configuration.
Can you try it?
Thanks, Ivan