Forum Discussion

Nimbostratus

Apr 11, 2018

file upload on parameter: Ignore Value or File Upload, which is better or appropriate?

We have an app that allows document uploads using a parameter. If a user uploads an html doc, for example, it trips 10's of attack signatures. It isn't practical to disable each signature because m...

ASM Advanced WAF

security

boneyard

MVP

Apr 18, 2018

yeah, you will probably be disabling attack signatures forever.

there isn't the right way, it depends a lot on internal rules and how strict you wanna be.

so if you want to not think about it, ignore value. if you want some control file upload (it helps against uploading executables for example: https://support.f5.com/csp/article/K90728313)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

file upload on parameter: Ignore Value or File Upload, which is better or appropriate?

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 rSeries || Upgrade tenant

Round-robin method not load balanced

F5 AI Roadmap

F5 object groups in AFM

F5 BGP Peering in Active /Standby Cluster

Related Content

File Uploads and ASM

File upload and ASM

Brute Force protection for single parameter like OTP

F5 Automation Toolchain Upload

Handle False Positive for files upload

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS