ASM Reading PDF Content as Attack from Multipart/Form-data Web Form Upload

I did see this thread: https://devcentral.f5.com/s/feed/0D51T00006i7bGdSAI But I need a solution that's going to work over a whole enterprise with many different field names.

Signature ID 200002305 - SQL-INJ "' " (SQL comment) (Parameter) Blocking Mask

Detected Keyword: &p![B5lB'&1m=ITh\LtiNEn!s2;\0:]C;7?naZ> JpY4^:iR,19>aO.,Ud!?"Q/7'f7_T'S?SabW0;4bo6W9*`f&.*(]p;%ogjQ,i!TnR`A[i3[F 'EX>V4W/&rL%

Content-Disposition: form-data; name="gfe_lib_file"; filename="C:\Users\xxxxxxxxxx\Desktop\xxxxxxxxxx.pdf" Content-Type: application/pdf %PDF-1.4 1 0 obj << /Creator (Oracle10gR2 AS Reports Services) /CreationDate (D:20150807110634) /ModDate (D:20150807110634) /Producer (Oracle PDF driver) /Title (o32815067.out) /Author (Oracle Reports) >> endobj 5 0 obj <> stream Gat=.=``=g%Y"/U5g=-4HE(eY04&oB7:I6RCe9cQGeBNJ/OjKqbil9&.MMjZ"hL2Q7E_jY<9uGu 7K[6cJYQ%&4_=DJEocWl0'/mX1&X/OVc'do-7VZqs5[n<5Lk$.Q@rL bhA+\AGQ-TPe-XP:UO8)=g]l3^RMG,eD>;T0RHd_K`]PRnq+r!]",LJi3Mrl3:UFsm8\g%N&p![B5lB'&1m=ITh\LtiNEn!s2;\0:]C;7?naZ> JpY4^:iR,19>aO.,Ud!?"Q/7'f7_T'S?SabW0;4bo6W9*`f&.*(]p;%ogjQ,i!TnR`A[i3[F ...etc

Is there a way to keep the ASM from reading the contents of files that are being uploaded? Signature ID 200002305 seems like it is going to be a rather obnoxious problem.

You can modify the properties of the parameter that is used for file uploads:

 

Parameter value type: User input value

 

Data type: file upload

 

With those settings ASM will no longer apply attack signatures to the data contained in that parameter. There is no single setting for ASM or the security policy that will stop the examination of file uploads.