Forum Discussion

falah
Jun 04, 2025

Attack signature Generic buffer overflow attempt 27 when uploading video

hello,

We have an application where customers may upload video on the web. It is being blocked by the ASM policy with attack signature Generic buffer overflow attempt 27. Any suggestions?

2 Replies

  • What I normally do when an application has an upload capability is to create that specific URL (with the method, to make it as specific as possible):

    Get the Content-Type header content when the application uploads data (it can be different values) and then set it to "Do nothing" under body handling.

     

    The problem with disabling signatures is that it will never end. You will end up disabling so many signatures that the feature is so hollowed out it becomes worthless.

    I know I potentially slip bad stuff through in the body, but usually that is not a problem WAF-wise, as the data lands on a disk where malware protection should take care of it. It still looks at the headers, and with a very specific configuration I think it is a compliant solution. The alternative is to disable WAF, and that is even worse.
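
The configuration the reply describes, sketched as a fragment of a declarative WAF policy in JSON. This is an added example, not part of the original thread: the path `/media/upload` and the `video/*` header value are hypothetical placeholders for whatever the application actually sends, and the field names assume the F5 declarative policy schema.

```json
{
  "policy": {
    "urls": [
      {
        "name": "/media/upload",
        "description": "Constructed example: path and header value are placeholders",
        "type": "explicit",
        "method": "POST",
        "protocol": "https",
        "attackSignaturesCheck": true,
        "urlContentProfiles": [
          {
            "headerName": "Content-Type",
            "headerValue": "video/*",
            "headerOrder": "1",
            "type": "do-nothing"
          },
          {
            "headerName": "*",
            "headerValue": "*",
            "headerOrder": "default",
            "type": "apply-value-and-content-signatures"
          }
        ]
      }
    ]
  }
}
```

Only a POST to this one URL whose Content-Type matches the first profile skips body inspection; any other content type falls through to the default profile and is still checked, and signatures stay enabled for the URL and headers.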