Forum Discussion

sandy16's avatar
sandy16
Icon for Altostratus rankAltostratus
Apr 18, 2016

Latitude and Longitude values been displayed as illegal file types in ASM

Hi experts, I am having the ASM block the URLs that have the latitude and longitude values in them. It is getting triggered as "illegal file type". Here`s a sample req -

 

GET /services/store-finder/42.0381234/-82.591231

 

so it is blocking the API call with an illegal file type of "591231", as it sees it after the "dot". I dont want to allow all file types in the policy. So whats the best way to solution this?

 

thnx

 

ASM Advanced WAF
security

3 Replies

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Apr 19, 2016

    Hi,

    You can't exclude file type violation based on URL.

    you can try this irule to change URI before ASM and revert it after ASM. ASM may allow txt file type.

    when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/services/store-finder/" } {
        set uri_orig [HTTP::uri]
        HTTP::uri "/services/store-finder/fake.txt"
    }
}

when HTTP_REQUEST_RELEASE {
    if { [info exists uri_orig] && [HTTP::uri] eq "/services/store-finder/fake.txt" } {
        HTTP::uri $uri_orig
        unset uri_orig
    }
}
  • RonJM's avatar
    RonJM
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2016
    A wildcard file type? Something like this woud allow for any 6 digit file extension: [0-9][0-9][0-9][0-9][0-9][0-9]
  • sandy16's avatar
    sandy16
    Icon for Altostratus rankAltostratus
    Apr 25, 2016
    Thanks Ron, this works for a value that is exactly 6 digits. How about if they are more than that?