F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!
28-Sep-2021 03:46
Is it possible to whitelist a file type for a specific parameter in a ASM/WAF policy
We need to allow files with .exe file extension for query parameter fileName=abc.exe
e.g.
https://test.com/v1/dl/getContent/123/456?filename=abc.exe
28-Sep-2021 21:06
Suggest you to with F5 ASM/WAF irule to bypass it. If you will allow .exe extenstion then all the exe will be bypass.
28-Sep-2021 21:21
Yes that is what i thought as the GUI does not provide an option to do that. Thanks for the reply
29-Sep-2021 23:58
as per your http request
the file type is no_ext and parameter name : filename and parameter value :abc.exe
so uploading the abc.exe wont trigger illegal file type as its parameter value of filename.
you need to add the parameter filename and set its data type as fileupload and disable the option
Disallow File Upload of Executables
30-Sep-2021 00:05
Thanks for the helpful reply Ragunath. I will try this option. Presently i have allowed .exe for the entire policy
or learn more...
