Attack signature Generic buffer overflow attempt 27 when uplod video

Question

hello,We have an application where customers may uplod video on the web, it's trigger blocked by asm policy with attack signature Generic buffer overflow attempt 27, any suggestions?

daniel_wolf · Answer

Hi falah​,
there is K000092524: Generic buffer overflow attempt 27 false positive violation to explain you what to do.
KRDaniel

lnxgeek · Answer

What I normally do when an application is having an upload capability is to create that specific URL (with method to make it as specific as possible):

Get the Content-Type header content when the application uploads data (it can be different values) and then set it to "Do nothing" under body handling.
&nbsp;
The problem with disabling signatures is it will never end. You will end up with disabling so many signature that the feature is so hollowed out it becomes worthless.
I know I potentially slip bad stuff through in the body, but usually that is not a problem WAF-wise as data land on a disk where malware protection should take care of it. It still looks at the headers and with a very specific configuration I think it is a compliant solution. The alternative is to disable WAF and that is even worse.

Forum Discussion

Attack signature Generic buffer overflow attempt 27 when uplod video

2 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Efficient Method to Compare F5 Configurations

F5 Big-IQ read-only API username creation.

email alert when service restarts

all possible Domain names that F5 may need to communicate to

irule that presents certificate doesn´ t run in TLSv1.3

Related Content

F5 rSeries: Next-Generation Fully Automatable Hardware

NGINX App Protect v5 Signature Notifications

F5 VELOS: A Next-Generation Fully Automatable Platform

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

IIS 6.0 WebDAV Buffer Overflow

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS