Forum Discussion

SteveD1979's avatar
SteveD1979
Icon for Cirrostratus rankCirrostratus
Jan 16, 2024

Disabling ASM attack signature for file upload

Hello, We have an application where customers may attach files when they submit an enrollment.  Sometimes the upload of these files are being blocked by our ASM policy because they are similar to a ...
application delivery
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Jan 16, 2024

Hi SteveD1979,

The request body handling control can be disable by checking on the content-type or a different specific header value.

"Content-type: multipart/form-data" header is sent on file upload. It may has a different value based on the application.

  • SteveD1979's avatar
    SteveD1979
    Icon for Cirrostratus rankCirrostratus
    Jan 18, 2024

    Thanks for your reply.  Does the 'Do nothing" option allow the customer to upload the file but keep the security policy in place for the URL?  Or would we want to do the form data or another option?

    • afr_jn's avatar
      afr_jn
      Icon for Altocumulus rankAltocumulus
      Feb 01, 2024

      If the Content-Type matches to multipart/form-data (or: spesific file upload) for spesific URL, the body handling will do nothing. If the Content-Type does not mathes to multipart/form-data, such as Content-Type: text/html; charset=UTF-8, the body handling will apply value and content signatures.

  • SteveD1979's avatar
    SteveD1979
    Icon for Cirrostratus rankCirrostratus
    Feb 14, 2024

    The filename can only be two different things.  Is there a way to look at the payload and if it contains one of those file names allow the upload and keep the ASM policy in tact?