Forum Discussion
NimbostratusOWA File Upload URIs for WAF Bypass
Hi All,
We are using the OWA 2016 WAF application template (negative security model) and would like to know:
The list of OWA URIs used for file uploads
The recommended URIs to bypass or relax WAF inspection for uploads
Our intention is to disable file upload/payload inspection and signature enforcement only for those URIs, while retaining HTTP compliance checks, as file scanning is handled via ICAP.
Any guidance would be appreciated.
Thanks.
2 Replies
- Nikoolayy1
MVP
This sounds like a project work for the Professional services to be honest.
See
New BIG-IP ASM v13 Outlook Web Access (OWA) 2016 Ready Template | DevCentral as you can enable the learning and AWAF should learn the file upload urls after you accepted them or ask the OWA app team to give you a list of the URLS for file uploads and add it manually as this is web application specific domain knowledge .
For ICAP my article can be helpful :
- zamroni777
You can see the details of the http requests in Network tab of browser developer tool.
Press f12 or go through browser menu to open the tool.
Use the request paths and methods shown as waf filter.
