Whitelisting only specified file extensions on ASM

Question

Hi - I have a request for whitelist only the below approved file extensions;&nbsp;
Zip (zip)
Word Docs (doc, docx)
PDF (PDF)
Excel (xls, xlsx)
Outlook message files (msg)
JPEG (jpeg / jpg)
Png (png)
Bmp (bmp)
Txt (txt)&nbsp;
How can i implement on F5 ASM ? &nbsp;
Through &gt; Application Security : File Types : Allowed File Types but it will then block other file extensions as well?&nbsp;
Regards,
Omar&nbsp;

ashwin_venkat · Answer

Hello Omar,&nbsp;
Have you considered configuring or listing these File Types under Disallowed File Types by navigating through to 'Security  ››  Application Security : File Types : Disallowed File Types' within your security policy?  As of today, we can only configure explicit entities there, so you can try to see if configuring these file types you listed above under that section helps achieve the desired result.&nbsp;
Best Regards,
Ashwin&nbsp;

youssef1 · Answer

Hi Omar,
You can use an Irule for that if you want:
when HTTP_REQUEST {

set path [HTTP::path]

switch -glob $path {
    "*.pdf" -
    "*.docx" - 
    "*.doc" -
    "*.xlsx" {
        ASM::disable
        log local0. "ASM was disable for following path: $path"
    }
    default {
          nothing
    }
}

}

Just one question, did you see file extension in the path? if not we have to do otherwise...

Forum Discussion

Whitelisting only specified file extensions on ASM

2 Replies

Recent Discussions

F5 APM with OIDC Web Duo Prompt

F5 not sending traffic to Web pool

VPN fragmented IP packets dropped

Health Monitor via MGMT (DCDs)

F5Access | MacOS Sonoma

Related Content

F5 CIS, TLS Extensions, and troubleshooting

Three Ways to Specify Multiple Ports on a Virtual Server

add /browerWeb Extension after domain name

Using VPC Endpoints with Cloud Failover Extension

Forwarded HTTP Extension Insertion (RFC 7239)