Forum Discussion

cdjac0bsen
Apr 11, 2018

file upload on parameter: Ignore Value or File Upload, which is better or appropriate?

We have an app that allows document uploads using a parameter. If a user uploads an HTML doc, for example, it trips tens of attack signatures. It isn't practical to disable each signature because more will likely get tripped in the future. In testing, if I changed the Parameter Value Type to "Ignore value" OR the Data Type to File Upload, the document was passed to the application without being blocked. My question is, which way is better? I could also leave the Data Type at Alpha-Numeric and just disable Attack Signature checking on that parameter, but that seemed the worst option.

  • Yeah, you will probably be disabling attack signatures forever.

    There isn't a right way; it depends a lot on internal rules and how strict you wanna be.

    So if you want to not think about it, ignore value. If you want some control, file upload (it helps against uploading executables, for example: https://support.f5.com/csp/article/K90728313).
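
Added example, not part of the original thread and not F5 code: a simplified Python model of the three parameter settings discussed above, showing which constructed uploads each one passes or blocks. The signature patterns, the magic-number list and all function names are assumptions made for illustration; the real product's checks are more extensive.

```python
import re

# Toy stand-ins for attack signatures (constructed, not real F5 signatures).
SIGNATURES = [re.compile(rb"<script", re.I), re.compile(rb"onerror\s*=", re.I)]

# Well-known executable magic numbers: PE/DOS, ELF, 64-bit Mach-O (little-endian).
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")


def signature_hits(value: bytes) -> int:
    """Count how many toy signatures match the parameter value."""
    return sum(1 for sig in SIGNATURES if sig.search(value))


def is_executable(value: bytes) -> bool:
    """True when the value starts with a known executable header."""
    return value.startswith(EXEC_MAGIC)


def inspect(value: bytes, mode: str) -> str:
    """Return 'pass' or 'block' for one parameter value under a given setting."""
    if mode == "alpha-numeric":   # signatures run against the value
        return "block" if signature_hits(value) else "pass"
    if mode == "ignore-value":    # value is not inspected at all
        return "pass"
    if mode == "file-upload":     # no signatures, but executables are rejected
        return "block" if is_executable(value) else "pass"
    raise ValueError(f"unknown mode: {mode}")


# Constructed sample uploads.
HTML_DOC = b"<html><body><script>var a = 1;</script></body></html>"
PE_FILE = b"MZ\x90\x00" + b"\x00" * 60
TEXT_DOC = b"quarterly report, plain text"


def decision_table() -> dict:
    """Verdict for every (sample, mode) pair."""
    samples = {"html": HTML_DOC, "exe": PE_FILE, "text": TEXT_DOC}
    modes = ("alpha-numeric", "ignore-value", "file-upload")
    return {(n, m): inspect(v, m) for n, v in samples.items() for m in modes}


if __name__ == "__main__":
    for (name, mode), verdict in decision_table().items():
        print(f"{name:5} {mode:14} {verdict}")
```

In this model only the file-upload setting both lets the HTML document through and stops the executable, which is the trade-off the reply describes.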