Forum Discussion

Nimbostratus

Aug 13, 2015

ASM Reading PDF Content as Attack from Multipart/Form-data Web Form Upload

I have one site that I'm trying ASM on, and uploading a PDF from a FILE input in a multipart/form-data web form is triggering a SQL Injection blockage from the ASM. The ASM seems to be choking o...

ASM Advanced WAF

security

gsharri

Altostratus

Aug 17, 2015

You can modify the properties of the parameter that is used for file uploads:

Parameter value type: User input value

Data type: file upload

With those settings ASM will no longer apply attack signatures to the data contained in that parameter. There is no single setting for ASM or the security policy that will stop the examination of file uploads.

Forum Discussion

ASM Reading PDF Content as Attack from Multipart/Form-data Web Form Upload

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

F5 402 Exam reading list and notes

ignore nested Content-Type inside multipart/form-data

How To Read An F5 Security Advisory

Read only account to read logs in cli

Layer 7 Content Routing in F5 XC