Can't upload msg file - ASM block
WAF block my request due to " attack signature detected" when try to upload msg file , and the Context : HTTP Request Body Unparsed Payload.
the request is look like this :
Content-Disposition: form-data; name="sth.msg" fileName="sth.msg"
the name of parameter take the same name of file upload with each request, so how can we solve this?
This looks correct, though I don't have any lab where I could test this at the moment.
Your configuration would apply anytime the Content-Type header value is multipart/form-data.
The Request Header Value allows wildcards. You could try to narrow down to Do Nothing only for .msg files by testing this combination:
Request Header Name : Content-Disposition
Request Header Value : form-data; name="*.msg"; filename="*.msg"
Request Body Handling : Do Nothing
EDIT: A word of caution. You should consider to what risk you are exposing your application when not checking these uploads.