cancel
Showing results for 
Search instead for 
Did you mean: 

whitelist a file type for a specific parameter

Deepsri
Altocumulus
Altocumulus

Is it possible to whitelist a file type for a specific parameter in a ASM/WAF policy

 

We need to allow files with .exe file extension for query parameter fileName=abc.exe

e.g.

https://test.com/v1/dl/getContent/123/456?filename=abc.exe

4 REPLIES 4

Samir
Nacreous
Nacreous

Suggest you to with F5 ASM/WAF irule to bypass it. If you will allow .exe extenstion then all the exe will be bypass.

Deepsri
Altocumulus
Altocumulus

Yes that is what i thought as the GUI does not provide an option to do that. Thanks for the reply

ragunath154
Cirrus
Cirrus

as per your http request

the file type is no_ext and parameter name : filename and parameter value :abc.exe

 

so uploading the abc.exe wont trigger illegal file type as its parameter value of filename.

you need to add the parameter filename and set its data type as fileupload and disable the option

Disallow File Upload of Executables

 

 

Thanks for the helpful reply Ragunath. I will try this option. Presently i have allowed .exe for the entire policy