File Uploads and ASM

Thank you for the very useful article. If you are on v11.5 or higher though you don't wanna use Compatibility mode as the iRules event mode. I'd go for Normal mode and change the irule as follows when HTTP_REQUEST { set unblock 0 if {([HTTP::method] equals "POST") and ([string tolower [HTTP::path]] ends_with "/foo.cfm") and ([string tolower [HTTP::header "Content-Type"]] contains "multipart/form-data") } { set unblock 1 } } when ASM_REQUEST_DONE { if { $unblock == 1 } { if {([lindex [ASM::violation_data] 0] contains "VIOLATION_ATTACK_SIGNATURE_DETECTED") and ([ASM::violation details] contains "context request") } { ASM::unblock } } }