Kurt_Knochner_5
Mar 10, 2014Cirrus
ASM signature check blocking ActiveSync Upload of large files
Hi,
Problem: ASM signature checking thinks there are attack pattern (SQL injection, command execution, etc.) in ActiveSync file 'up-/downloads' (users accessing large attachments via ActiveSync).
Question: What is the best practice to handle this problem?
I have seen similar problems here on Devcentral, but the typical 'solution' was to disable signature check for /microsoft-server-activesyn. However, I don't want to disable signature checking completely as that would weaken the security. Writing an iRule to overwrite the block action seems to be an option (https://devcentral.f5.com/wiki/iRules.ASM__unblock.ashx), but I'm not sure if it's possible to 'identify' the access to an attachment within the iRule.
Thanks!
Kurt