Forum Discussion

Nimbostratus

Nov 30, 2012

multipart/form-data

We have several applications which allow the customer to upload files (pdf, doc, ppt, ...) to our servers. Those uploads are performed by multipart/form-data POST requests. Since a while w...

app sec

BIG-IP Access Policy Manager (APM)

security

Torti

Cirrus

Nov 30, 2012

Hi,

we hade have the same problems in the past. So we talked with f5 support.

The result is, you have to disable the detected generic signatures in the policy, if you have a file upload paramater.

At the moment, I select this ones: 200011004, 200011015, 200011016, 200011018, 200011019, 200011020, 200011023, 200011026

It doesn't depends on your parameter settings, because generic signatures are global policy signatures. You cannot disable them on parameter level.

Is it unsecure? I dont think so. Depending on your settings, you have so many active signatures...

regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

multipart/form-data

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Change Content-Type from application/octet-stream to multipart/form-data

ASM : Multipart/form-data parameter value violation

ignore nested Content-Type inside multipart/form-data

ASM Reading PDF Content as Attack from Multipart/Form-data Web Form Upload

iRule is called many times for the same multipart/form-data form post

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS