Forum Discussion

Cirrostratus

Mar 23, 2022

F5 ASM appears not blocking filetypes in http query

F5 v15.1.3.1 My F5 ASM policy is configured to block command executions and illegal file types but for example if I try to browse this url: https://my.web.site/netstat.exe Then ASM blocks the re...

Employee

Apr 09, 2022

In order to block the request, you can follow these steps:

1)_ Fix and use the REGEX : (([A-Za-z0-9_-]+)\.exe).*$
Tool: https://regex101.com/

2)_ Create Attack Signature List.
Security ›› Options : Application Security : Attack Signatures : Attack Signatures List

3)_ Create custom "Attack Signature Sets"
Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets

4)_ Enforce the Signature in the policy

5)_ Test

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 ASM appears not blocking filetypes in http query

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Filetype detected incorrectly in ASM because of dot in URL

Block IP after a number of ASM Blocks

Block traffic

Response and blocking page

domain blocking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS