Forum Discussion

Cirrostratus

4 years ago

F5 ASM appears not blocking filetypes in http query

F5 v15.1.3.1 My F5 ASM policy is configured to block command executions and illegal file types but for example if I try to browse this url: https://my.web.site/netstat.exe Then ASM blocks the re...

Employee

4 years ago

In order to block the request, you can follow these steps:

1)_ Fix and use the REGEX : (([A-Za-z0-9_-]+)\.exe).*$
Tool: https://regex101.com/

2)_ Create Attack Signature List.
Security ›› Options : Application Security : Attack Signatures : Attack Signatures List

3)_ Create custom "Attack Signature Sets"
Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets

4)_ Enforce the Signature in the policy

5)_ Test

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 ASM appears not blocking filetypes in http query

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

UCS file migration on differing OS versions

qkview: revealing pool members & pools

ASM attack signatures not syncing between active and standby F5

Query on source IP preservation for syslog traffic through F5 virtual server

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

Related Content

Logging/Blocking possible prompt injection

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Block IP after a number of ASM Blocks

F5 Distributed Cloud – Why You Should Never Block Regional Edge IPs on Your Firewall

Filetype detected incorrectly in ASM because of dot in URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS