whitelist a file type for a specific parameter

Question

Is it possible to whitelist a file type for a specific parameter in a ASM/WAF policy

We need to allow files with .exe file extension for query parameter fileName=abc.exe

e.g.

https://test.com/v1/dl/getContent/123/456?filename=abc.exe

samir · Answer

Suggest you to with F5 ASM/WAF irule to bypass it.  If you will allow .exe extenstion then all the exe will be bypass.

deepsri · Answer

Yes that is what i thought as the GUI does not provide an option to do that. Thanks for the reply

ragunath154 · Answer

as per your http requestthe file type is no_ext  and parameter name : filename and parameter value :abc.exe&nbsp;so uploading the abc.exe wont trigger illegal file type as its parameter value of filename.you need to add the parameter filename and set its data type as fileupload and disable the option Disallow File Upload of Executables&nbsp;&nbsp;

deepsri · Answer

Thanks for the helpful reply Ragunath. I will try this option. Presently i have allowed .exe for the entire policy

Forum Discussion

whitelist a file type for a specific parameter

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

iRule for IP Whitelist on specific URL

ASM block all whitelisted urls and parameters in standby device

Brute Force protection for single parameter like OTP

F5 Whitelisting/ Allowing a specific range of traffic to VS

Global Blacklist or Whitelist

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS