Forum Discussion
Attack signature Generic buffer overflow attempt 27 when uploading video
Hello,
We have an application where customers may upload video on the web. The upload is blocked by the ASM policy with attack signature Generic buffer overflow attempt 27. Any suggestions?
2 Replies
Hi falah,
There is K000092524: Generic buffer overflow attempt 27 false positive violation, which explains what to do.
KR
Daniel

What I normally do when an application has an upload capability is to create that specific URL (with method to make it as specific as possible):
Get the Content-Type header content when the application uploads data (it can be different values) and then set it to "Do nothing" under body handling.
The problem with disabling signatures is it will never end. You will end up disabling so many signatures that the feature is so hollowed out it becomes worthless.
I know I potentially slip bad stuff through in the body, but usually that is not a problem WAF-wise as data land on a disk where malware protection should take care of it. It still looks at the headers and with a very specific configuration I think it is a compliant solution. The alternative is to disable WAF and that is even worse.
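The approach in the reply above, sketched as a fragment of a declarative WAF policy. This is an added example, not part of the original post or F5's own configuration: the URL `/example/upload` and the header value `video/mp4` are constructed placeholders, to be replaced with the real upload path and the Content-Type values the application actually sends.

```json
{
  "policy": {
    "urls": [
      {
        "name": "/example/upload",
        "method": "POST",
        "protocol": "https",
        "type": "explicit",
        "attackSignaturesCheck": true,
        "urlContentProfiles": [
          {
            "headerName": "Content-Type",
            "headerValue": "video/mp4",
            "headerOrder": "1",
            "type": "do-nothing"
          },
          {
            "headerName": "*",
            "headerValue": "*",
            "headerOrder": "default",
            "type": "apply-value-and-content-signatures"
          }
        ]
      }
    ]
  }
}
```

Only requests to this one URL and method with the matching Content-Type skip body inspection; any other Content-Type falls through to the default profile, and header signatures still apply.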