Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Oct 05, 2021

Can't upload msg file - ASM block

WAF block my request due to " attack signature detected" when try to upload msg file , and the Context : HTTP Request Body Unparsed Payload. the request is look like this : Content-Type: multipa...
application delivery
ASM Advanced WAF
BIG-IP
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Oct 06, 2021

    This looks correct, though I don't have any lab where I could test this at the moment.

    Your configuration would apply anytime the Content-Type header value is multipart/form-data.

    The Request Header Value allows wildcards. You could try to narrow down to Do Nothing only for .msg files by testing this combination:

     

    Request Header Name : Content-Disposition

    Request Header Value : form-data; name="*.msg"; filename="*.msg"

    Request Body Handling : Do Nothing

     

    EDIT: A word of caution. You should consider to what risk you are exposing your application when not checking these uploads.

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP

The strange thing is that I as well may test this solution as I have a query paramater in a POST request (strange yup !) that is for file upload with Content-Type: application/xxxx but F5 ASM/AWAF still is trying to inspect the body and thinks that the file body is another Parameter name and I get "Failed to convert character" and "HTTP protocol compliance failed", so making the query parameter of type file upload just can't stop the F5 to try to understand the body and try to check it 😁

myselt's avatar
myselt
Icon for Nimbostratus rankNimbostratus
Sep 11, 2023

are you have any  solution ?