Forum Discussion
Issue with AWAF Blocking Compressed Files Despite Wildcard Inclusion
I am encountering an issue where AWAF blocks compressed file extensions such as zip and rar, even though they are already included in the wildcard settings. When a user attempts to upload these files, AWAF generates a Support ID, instructing me to add the parameter s_SweFileName in the form data.
After adding the s_SweFileName parameter, AWAF permits the upload of all file types, regardless of whether they are listed in the wildcard or not. This behavior is problematic as it bypasses the intended security restrictions.
I am looking for a solution that allows zip and rar files while maintaining control over other file types.
Please advise.
- raghad5
Altostratus
I'm facing a similar issue can anyone help?
Hello I have been working many years with F5 and the WAF max can block file executables as shown in Configuring the BIG-IP ASM system to block file uploads containing binary executable content . One way with regex as shown in WAF - Allow uploads of only files with certain extensions and block all other file uploads | DevCentral is to match the extensions in the parameter value but AWAF is not meant for this as better use ICAP and send traffic to a malware and content detection system that will do more than just checking extensions as this is no real security at all but will actually analyze the file.
Metadefender can do advanced file type detection for example:
See:
F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature | DevCentral
Integrating OPSWAT MetaDefender with F5 Advanced WAF & BIG-IP ASM | DevCentral
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com