Forum Discussion

Nimbostratus

Feb 03, 2025

Issue with AWAF Blocking Compressed Files Despite Wildcard Inclusion

I am encountering an issue where AWAF blocks compressed file extensions such as zip and rar, even though they are already included in the wildcard settings. When a user attempts to upload these files...

devops

security

Nikoolayy1

MVP

Feb 06, 2025

Hello I have been working many years with F5 and the WAF max can block file executables as shown in Configuring the BIG-IP ASM system to block file uploads containing binary executable content . One way with regex as shown in WAF - Allow uploads of only files with certain extensions and block all other file uploads | DevCentral is to match the extensions in the parameter value but AWAF is not meant for this as better use ICAP and send traffic to a malware and content detection system that will do more than just checking extensions as this is no real security at all but will actually analyze the file.

Metadefender can do advanced file type detection for example:

See:

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature | DevCentral

Integrating OPSWAT MetaDefender with F5 Advanced WAF & BIG-IP ASM | DevCentral

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)