Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Oct 05, 2021

Can't upload msg file - ASM block

WAF block my request due to " attack signature detected" when try to upload msg file , and the Context : HTTP Request Body Unparsed Payload. the request is look like this : Content-Type: multipa...
  • Daniel_Wolf's avatar
    Oct 06, 2021

    This looks correct, though I don't have any lab where I could test this at the moment.

    Your configuration would apply anytime the Content-Type header value is multipart/form-data.

    The Request Header Value allows wildcards. You could try to narrow down to Do Nothing only for .msg files by testing this combination:

     

    Request Header Name : Content-Disposition

    Request Header Value : form-data; name="*.msg"; filename="*.msg"

    Request Body Handling : Do Nothing

     

    EDIT: A word of caution. You should consider to what risk you are exposing your application when not checking these uploads.