File Uploads through a WAF
Let’s say we have a web application with a form field that permits the upload of arbitrary files. It would appear to the user similar to the below:
Aside fro...
Thank you for the very useful article.
If you are on v11.5 or higher though you don't wanna use Compatibility mode as the iRules event mode. I'd go for Normal mode and change the irule as follows
when HTTP_REQUEST {
set unblock 0
if {([HTTP::method] equals "POST") and ([string tolower [HTTP::path]] ends_with "/foo.cfm") and ([string tolower [HTTP::header "Content-Type"]] contains "multipart/form-data") } {
set unblock 1
}
}
when ASM_REQUEST_DONE {
if { $unblock == 1 } {
if {([lindex [ASM::violation_data] 0] contains "VIOLATION_ATTACK_SIGNATURE_DETECTED") and ([ASM::violation details] contains "context request") } {
ASM::unblock
}
}
}