Forum Discussion

Cirrus

Oct 23, 2020

Wildcard URL with "dot" allowed confused with a file type

Hello evryone I configuered a wildcard URL (/x/y/*) in my ASM policy with the "." as an allowed meta character, but all the requests /x/y/1245.452 for example are blocked by violation illegal ...

ASM Advanced WAF

security

Andrew-F5

Employee

Oct 26, 2020

There's really only two solutions:

(1) Accept the filetype and do nothing

(2) create a wildcard file type which will accept all non-explicit filetypes including no_ext.

no_ext filetypes are those urls with no periods that works in conjunction with wildcards

Note that the burden of enforcement will shift to url matching.

violation will not be a bad filetype, but rather an unknown url

There is a feature request to prevent this behavior but it hasn't been added to any F5 software yet ID400017.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Wildcard URL with "dot" allowed confused with a file type

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

External Data Group Import Failing.

F5 breaking Exchange authentication

Can F5 restrict the file types transferred via FTP?

Dump all host running services during APM logon

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Related Content

Cache Confusion

AS3 TLS_Client VS TLS_Server Schema confusion

Wildcard Parameter signature attack

Wildcard Certificate

iRule http host with wildcard domain

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS