Forum Discussion

OmarKhan_249581's avatar
OmarKhan_249581
Icon for Nimbostratus rankNimbostratus
Jun 28, 2018

Whitelisting only specified file extensions on ASM

Hi - I have a request for whitelist only the below approved file extensions;

 

Zip (zip) Word Docs (doc, docx) PDF (PDF) Excel (xls, xlsx) Outlook message files (msg) JPEG (jpeg / jpg) Png (png) Bmp (bmp) Txt (txt)

 

How can i implement on F5 ASM ?

 

Through > Application Security : File Types : Allowed File Types but it will then block other file extensions as well?

 

Regards, Omar

 

ASM Advanced WAF
security
  • Ashwin_Venkat's avatar
    Ashwin_Venkat
    Icon for Employee rankEmployee
    Jun 28, 2018

    Hello Omar,

     

    Have you considered configuring or listing these File Types under Disallowed File Types by navigating through to 'Security ›› Application Security : File Types : Disallowed File Types' within your security policy? As of today, we can only configure explicit entities there, so you can try to see if configuring these file types you listed above under that section helps achieve the desired result.

     

    Best Regards, Ashwin

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Jun 28, 2018

    Hi Omar,

    You can use an Irule for that if you want:

    when HTTP_REQUEST {

set path [HTTP::path]

switch -glob $path {
    "*.pdf" -
    "*.docx" - 
    "*.doc" -
    "*.xlsx" {
        ASM::disable
        log local0. "ASM was disable for following path: $path"
    }
    default {
          nothing
    }
}

}

    Just one question, did you see file extension in the path? if not we have to do otherwise...