Forum Discussion

Deepsri's avatar
Deepsri
Icon for Altocumulus rankAltocumulus
Sep 28, 2021

whitelist a file type for a specific parameter

Is it possible to whitelist a file type for a specific parameter in a ASM/WAF policy

 

We need to allow files with .exe file extension for query parameter fileName=abc.exe

e.g.

https://test.com/v1/dl/getContent/123/456?filename=abc.exe

4 Replies

  • Suggest you to with F5 ASM/WAF irule to bypass it. If you will allow .exe extenstion then all the exe will be bypass.

  • Yes that is what i thought as the GUI does not provide an option to do that. Thanks for the reply

  • as per your http request

    the file type is no_ext and parameter name : filename and parameter value :abc.exe

     

    so uploading the abc.exe wont trigger illegal file type as its parameter value of filename.

    you need to add the parameter filename and set its data type as fileupload and disable the option

    Disallow File Upload of Executables

     

     

    • Deepsri's avatar
      Deepsri
      Icon for Altocumulus rankAltocumulus

      Thanks for the helpful reply Ragunath. I will try this option. Presently i have allowed .exe for the entire policy