For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andreas_6066's avatar
Andreas_6066
Icon for Nimbostratus rankNimbostratus
Nov 12, 2013

Fileupload blocked by ASM-policy

Hello, we have a website for our customers to provide binary file upload. Sometimes this upload will be blocked by the security policy of this vip. The reason is for example a matching attack-signatu...
Andreas_6066's avatar
Andreas_6066
Icon for Nimbostratus rankNimbostratus
Nov 14, 2013

Yes, that's a possible way. But this would deactivate this signature for the entire policy. The URL is the endpoint of an application and i couldn't manage to get "/file" to work as a Parameter. The ASM don't recognise any Parameter i have tried, although the Option "Handle Path Parameters" is set to "as Parameters". Even a Wildcard-Paramter for "/secure/customerarea/upload/*" with the Parametersetting "ignore value" didn't solve my Problem.

 

Deactivating the Attack Signature for "path traversal" won't be a good idea, i think.