We have an app that allows document uploads using a parameter. If a user uploads an HTML doc, for example, it trips tens of attack signatures. It isn't practical to disable each signature because more will likely get tripped in the future. In testing, if I changed the Parameter Value Type to "Ignore value" OR the Data Type to File Upload, the document was passed to the application without being blocked. My question is, which way is better?
I could also leave the Data Type at Alpha-Numeric and just disable Attack Signature checking on that parameter, but that seemed the worst option.
Yeah, you will probably be disabling attack signatures forever.
There isn't a right way; it depends a lot on internal rules and how strict you wanna be.
So if you want to not think about it, Ignore value. If you want some control, File Upload (it helps against uploading executables, for example: https://support.f5.com/csp/article/K90728313).