Blocking File Type

Question

how does ASM detect file type to block it when i put it under disallowed file types ?

does it look only on http URI ?

if so what will happen at the below :

i have a policy preventing uploading ".exe" files to Web Server , user will bypass that by renaming the file to ".pdf" then upload it to the server , if ASM is just looking at URI then it will not detect that because URI will contain PDF while real file type is ".exe" ?

sshssh_97332 · Answer

Hi

hooleylist · Answer

The disallowed file types is only applied to the file type in the URI.  Can you post an anonymized copy of the HTTP request headers and payload for a request you want to validate? 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Blocking File Type

2 Replies

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

Application Programming Interface (API) Authentication types simplified

What is the significance of staging with allowed file types?

Block Referers By Path or File Type

Can't upload msg file - ASM block

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two