What is the significance of staging with allowed file types?

Question

Hi;I understand the significance of stagin with attack signatures. However, I am trying to understand it for an allowed file type.Let's say that PHP is a file type in the list of allowed file types, and let's say that the wildcard file type has been removed from this list. In this case, does for PHP file type being "in staging" mean that it will be blocked until the 7 day staging &nbsp;period had elapsed?Of course assuming that all other conditions for blocking are satisfied, like "Blocking" enforcement mode and the block flag for illegal file types being ticked.KindlyWasfi

daniel_wolf · Accepted Answer

Hi&nbsp;Wasfi_Bounni,
configuring file types is more than just adding a file extension like .php to an allow list, file types also have attributes like URL Length,&nbsp;Request Length,&nbsp;Query String Length or&nbsp;POST Data Length. Also&nbsp;Response Signatures,&nbsp;attack signatures that are designed to inspect responses, can be applied to file types.The verify that all these attributes and signatures are configured correctly and to avoid false positives, you can (should) perform staging on file types.
Makes sense?
KRDaniel

wasfi_bounni · Answer

Thank you Daniel.&nbsp;

Forum Discussion

What is the significance of staging with allowed file types?

2 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

promble with Perform Staging

What is the significance of the preview size in a Request Adapt profile?

allow one url from blocks geolocation

ASM - Adding Allowed URL's via CLI in 2023