Unblocking CSV uploads

Question

Hello,We currently have a server that needs to upload CSV files. If the CSV is well formatted, the users want to be able to export anything from Excel and not get blocked. E.g. headers with ":", text like "sleep", etc.On top of that, they sometimes have long file names, and big files (10 GB).&nbsp;Do you have any advice to which rules put in place for this scenario? We don't want to create security risks, but in any case the CSV is being stored as text in an Elastic Search database.&nbsp;Thank you in advance,Artur

zamroni777 · Answer

the developers can implement compression via javascript etc., especially as the the file size is big.compression will also make those texts to non printable characters that wont trigger sql injection or xss false positive.
https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API#browser_compatibility
anyway, for such big file size, uploading to file server then app server reads from it seems more reliable.
&nbsp;

aswin_mk · Answer

Hi,
&nbsp;
In F5 Side we have to make changes in LTM to allow the big files and ASM to verify the csv file and disable the attack signature (. E.g. headers with ":", text like "sleep", etc.).&nbsp;

Forum Discussion

Unblocking CSV uploads

2 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

CSV to Address External Datagroup File

Export Virtual Server Configuration in CSV - tmsh cli script

File Uploads and ASM

Export GTM/DNS Configuration in CSV - tmsh cli script

File upload and ASM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS