May 06, 2012

Blocking File Type

How does ASM detect a file type to block it when I put it under disallowed file types?

Does it look only at the HTTP URI?

If so, what will happen in the case below:

I have a policy preventing uploading ".exe" files to the web server. A user will bypass that by renaming the file to ".pdf" and then uploading it to the server. If ASM is just looking at the URI, then it will not detect that, because the URI will contain PDF while the real file type is ".exe"?

  • The disallowed file types is only applied to the file type in the URI. Can you post an anonymized copy of the HTTP request headers and payload for a request you want to validate?
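
The difference between a URI-extension check and a content check on an upload, as an added example that is not part of the original thread and is not F5 code. The function names, the signature table and the `DISALLOWED` policy are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

# Well-known leading-byte signatures for a few formats (illustrative subset).
SIGNATURES = {
    "exe": b"MZ",
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
}
DISALLOWED = {"exe"}  # hypothetical policy: block Windows executables


def uri_file_type(uri):
    """File type as a URI-only check sees it: extension of the last path segment."""
    name = urlsplit(uri).path.rsplit("/", 1)[-1]
    return os.path.splitext(name)[1][1:].lower()


def sniff_type(body):
    """File type inferred from the first bytes of the uploaded content."""
    for ftype, magic in SIGNATURES.items():
        if body.startswith(magic):
            return ftype
    return None


def check_upload(uri, filename, body):
    """Return the findings for one upload: URI check, content check, name/content mismatch."""
    findings = []
    if uri_file_type(uri) in DISALLOWED:
        findings.append("uri-extension-disallowed")
    claimed = os.path.splitext(filename)[1][1:].lower()
    actual = sniff_type(body)
    if actual in DISALLOWED:
        findings.append("content-disallowed")
    if claimed in SIGNATURES and actual != claimed:
        findings.append("extension-content-mismatch")
    return findings


if __name__ == "__main__":
    # Constructed sample: an executable header uploaded under a .pdf name.
    renamed = b"MZ\x90\x00\x03\x00\x00\x00"
    print(check_upload("/upload.php", "report.pdf", renamed))
```

In the renamed-file case the URI check alone reports nothing, because the request URI is the upload handler and the file name travels in the request body.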