Forum Discussion
NimbostratusIssue with AWAF Blocking Compressed Files Despite Wildcard Inclusion
MVPHello I have been working many years with F5 and the WAF max can block file executables as shown in Configuring the BIG-IP ASM system to block file uploads containing binary executable content . One way with regex as shown in WAF - Allow uploads of only files with certain extensions and block all other file uploads | DevCentral is to match the extensions in the parameter value but AWAF is not meant for this as better use ICAP and send traffic to a malware and content detection system that will do more than just checking extensions as this is no real security at all but will actually analyze the file.
Metadefender can do advanced file type detection for example:
See:
F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature | DevCentral
Integrating OPSWAT MetaDefender with F5 Advanced WAF & BIG-IP ASM | DevCentral
