Forum Discussion
hooleylist
Dec 27, 2009Cirrostratus
ASM should still parse the parameters and values in a multipart/form-data based upload request.
You could configure an object for the page which receives the POST request (something like /path/to/upload.html) and a parameter (probably named "filename") on the object. You can configure the filename parameter using a regex like ^.*\.(txt|doc|html)$. This would allow a client to submit a request with the filename parameter set to anything ending in .txt .doc or .html. Any other filename would trigger a violation on the parameter not matching the regex. Note that this doesn't restrict the actual content a client uploads--just the filename they use when uploading the file.
Aaron