F5 not Identifying Parameter in Text/Plain Upload

Question

In a webkit:&nbsp;&nbsp;content disposition header, name="file" ; filename="EXAMPLE DOCUMENT 2024.txt"Content-type: text/plainDocument data example system (&nbsp;The issue is that there is already a parameter built at the URI for file as an upload, set to block executables. Yet, it seems that the F5 continues to scan the document and it is not picking up the built parameter. Is it doing this by design? Since F5 is able to parse text? This seems to happen on uploads whose content types are text and xml.

zamroni777 · Answer

text format doesnt mean it's safe.for example, sql injection attack, credit card data theft, etc. are also text.for your case, you can create local traffic policy to disable asm or set specific asm policy for the upload file traffic.and btw, content disposition header is usually for http response, not request.that might be the cause why asm block that http upload requesthttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

Forum Discussion

F5 not Identifying Parameter in Text/Plain Upload

Recent Discussions

Redirect https to https virtual server Certificate question

BIG-IP HSB vulnerability CVE-2024-39778

RTMP protocol Virtual Services

Unstable communication L2 and ARP

Uri Rewrite and relative Uri's/Links

Related Content

How to Identify and Manage Scrapers (Pt. 2)

How to Identify and Manage Scrapers (Pt. 1)

Can't identify cookie

Adaptive Apps: Identify underlying issues in a complex app portfolio - Demo Kit

Reliable resources for identifying IP addresses

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS