Forum Discussion

Nimbostratus

Dec 15, 2015

Applying iRule to ASM policy - file upload form protection

So, I have found the following iRule which should block the upload of PHP files in file upload forms: when HTTP_REQUEST { if { [HTTP::header exists "Content-Disposition"] } { ...

ASM Advanced WAF

security

sbobic_232506

Nimbostratus

Dec 17, 2015

Disallowing file types will make the web app inaccessible as it's made in PHP. Plus, as a pentester, I would like to have full control in order to block all file upload vulnerabilities(.php3, .phps, exif data, .htaccess shells etc)

All of my logs(illegal, and all requests) at Security > Event Logs > Application > Requests are empty. Maybe because I have set automatic learning mode, and I've started building the policy just yesterday.

Forum Discussion

Applying iRule to ASM policy - file upload form protection

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

Managing NGINX App Protect WAF for Beginners