Forum Discussion

Nimbostratus

Apr 11, 2018

file upload on parameter: Ignore Value or File Upload, which is better or appropriate?

We have an app that allows document uploads using a parameter. If a user uploads an html doc, for example, it trips 10's of attack signatures. It isn't practical to disable each signature because m...

ASM Advanced WAF

security

boneyard

MVP

Apr 18, 2018

yeah, you will probably be disabling attack signatures forever.

there isn't the right way, it depends a lot on internal rules and how strict you wanna be.

so if you want to not think about it, ignore value. if you want some control file upload (it helps against uploading executables for example: https://support.f5.com/csp/article/K90728313)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)