Wasfi_Bounni
Jan 18, 2024Cirrocumulus
Solved
What is the significance of staging with allowed file types?
Hi; I understand the significance of stagin with attack signatures. However, I am trying to understand it for an allowed file type. Let's say that PHP is a file type in the list of allowed file typ...
- Jan 19, 2024
Hi Wasfi_Bounni,
configuring file types is more than just adding a file extension like .php to an allow list, file types also have attributes like URL Length, Request Length, Query String Length or POST Data Length. Also Response Signatures, attack signatures that are designed to inspect responses, can be applied to file types.
The verify that all these attributes and signatures are configured correctly and to avoid false positives, you can (should) perform staging on file types.Makes sense?
KR
Daniel