Forum Discussion

SSHSSH_97332's avatar
SSHSSH_97332
Icon for Nimbostratus rankNimbostratus
May 06, 2012

Blocking File Type

how does ASM detect file type to block it when i put it under disallowed file types ?

does it look only on http URI ?

 

if so what will happen at the below :

 

i have a policy preventing uploading ".exe" files to Web Server , user will bypass that by renaming the file to ".pdf" then upload it to the server , if ASM is just looking at URI then it will not detect that because URI will contain PDF while real file type is ".exe" ?

 

 

 

app sec
BIG-IP Access Policy Manager (APM)
security
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 07, 2012
    The disallowed file types is only applied to the file type in the URI. Can you post an anonymized copy of the HTTP request headers and payload for a request you want to validate?

     

     

    Aaron