File upload Restriction on ASM
So yes you can do this, but not in the area that you have mentioned. Allowed File Types is checking the file extension on the URL, not a parameter or its value. So based upon what you are saying, in Allowed File Types you need to allow for aspx, then I am assuming that the file name is a value of a parameter being passed. So what you want to do is go define that parameter, set it up as a Parameter Value Type of User Input with a Data Type of Alpha-Numeric parameter, and then use a Reg Ex to control the file type. Here is what I am using, not sure if that is the best way but I am not a Reg Ex wizard by any means :)
(?i)\.(txt|pdf|doc|docx|csv|xls|xlsx|jpg|png|gif|jpeg|tiff|tif|ppt|pptx)$
I also assume there is another parameter that contains the actual file upload itself. You want to create that Parameter, and set it up as a Parameter Value Type of User Input with a Data Type of File Upload; you can also disallow .exe files from here. Then if you have an AV scan Engine server, I would also recommend using the AV protection integration to offload that file as it passes through the ASM to be AV scanned. Check the configuration guide for steps on how to set it up (link below).
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-4-0/asm_sys_mgmt.html?sr=370424701037564
Hope that covers your question.
- xunil321_122934 Dec 02, 2014
Nimbostratus
Sorry for my ignorance! Does this also mean that only files with the extensions mentioned above could be DOWNLOADED? If yes, is there any way by the ASM to allow downloading ALL types of files and to deny uploading ANY file?
- fweiss_174951 May 12, 2015
Nimbostratus
You could disallow the method "Post" and "Put". You could downsize long_request_buffer_size and work with "Request length exceeds defined buffer size". You could disallow URLs and Upload-Parameters. As shown above you could use regex to specify which filename/extension is allowed to be uploaded (filename in parameter value). You could write a signature triggering on any part of a request, e.g. the filename part:
Content-Disposition: form-data; name="uploadedfile"; filename="hello.o"
Choose your flavor.
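Added example, not part of the thread and not F5 code: a Python sketch that pulls the filename out of each Content-Disposition part of a constructed multipart body and screens it against the extension allow-list from the first reply, next to a variant whose dot is unescaped. Python's re module stands in for the ASM regex engine as an assumption, and the function names are hypothetical.

```python
import re

EXTS = "txt|pdf|doc|docx|csv|xls|xlsx|jpg|png|gif|jpeg|tiff|tif|ppt|pptx"
# Allow-list with an escaped dot: the extension must follow a literal ".".
ALLOWED = re.compile(rf"(?i)\.({EXTS})$")
# Variant with an unescaped dot: "." matches any character before the extension.
LOOSE = re.compile(rf"(?i).({EXTS})$")

# Captures filename="..." from a form-data Content-Disposition header line.
FILENAME = re.compile(
    r'(?im)^Content-Disposition:\s*form-data;.*?\bfilename="([^"]*)"')

# Constructed sample body (hypothetical boundary and part contents).
SAMPLE = (
    "--b1\r\n"
    'Content-Disposition: form-data; name="uploadedfile"; filename="hello.o"\r\n'
    "Content-Type: application/octet-stream\r\n\r\n...\r\n"
    "--b1\r\n"
    'Content-Disposition: form-data; name="doc"; filename="report.PDF"\r\n\r\n...\r\n'
    "--b1\r\n"
    'Content-Disposition: form-data; name="memo"; filename="notes_txt"\r\n\r\n...\r\n'
    "--b1--\r\n"
)

def upload_filenames(body: str) -> list[str]:
    """Return every filename declared in the multipart body, in order."""
    return FILENAME.findall(body)

def check(name: str, pattern: re.Pattern = ALLOWED) -> bool:
    """True if the filename passes the allow-list."""
    # Reject control characters first: "$" also matches before a trailing
    # newline, so "report.pdf\n" would otherwise pass.
    if any(ord(c) < 32 for c in name):
        return False
    return pattern.search(name) is not None

def screen(body: str, pattern: re.Pattern = ALLOWED) -> dict[str, bool]:
    """Map each declared filename to its allow-list verdict."""
    return {n: check(n, pattern) for n in upload_filenames(body)}

if __name__ == "__main__":
    for label, pat in (("escaped dot", ALLOWED), ("unescaped dot", LOOSE)):
        print(label, screen(SAMPLE, pat))
```

With the escaped dot only report.PDF passes; with the unescaped dot notes_txt passes as well, because any character is accepted in front of the extension.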