Forum Discussion
Wasfi_Bounni
Cirrocumulus
CirrocumulusWhat is the significance of staging with allowed file types?
Hi; I understand the significance of stagin with attack signatures. However, I am trying to understand it for an allowed file type. Let's say that PHP is a file type in the list of allowed file typ...
Hi Wasfi_Bounni,
configuring file types is more than just adding a file extension like .php to an allow list, file types also have attributes like URL Length, Request Length, Query String Length or POST Data Length. Also Response Signatures, attack signatures that are designed to inspect responses, can be applied to file types.
The verify that all these attributes and signatures are configured correctly and to avoid false positives, you can (should) perform staging on file types.Makes sense?
KR
Daniel
Daniel_Wolf
MVP
MVPHi Wasfi_Bounni,
configuring file types is more than just adding a file extension like .php to an allow list, file types also have attributes like URL Length, Request Length, Query String Length or POST Data Length. Also Response Signatures, attack signatures that are designed to inspect responses, can be applied to file types.
The verify that all these attributes and signatures are configured correctly and to avoid false positives, you can (should) perform staging on file types.
Makes sense?
KR
Daniel
Wasfi_BounniCirrocumulus
CirrocumulusThank you Daniel.