sbobic_232506
Dec 15, 2015Nimbostratus
Applying iRule to ASM policy - file upload form protection
So, I have found the following iRule which should block the upload of PHP files in file upload forms:
when HTTP_REQUEST {
if { [HTTP::header exists "Content-Disposition"] } {
switch -glob [HTTP::header value "Content-Disposition"] {
"*filename=*.php*" -
"*filename=*.sh*" {
Reject however you'd like:
reject
HTTP::redirect "/"
}
}
}
}
but it doesn't seem to affect anything. In other words, it's not applied to web application since I can still upload PHP files just fine. I am using Damn Vulnerable Web Application to do the testing.
Btw, I have just created the iRule in Local Traffic ›› iRules : iRule List
I didn't do anything else to enforce this rule since I don't know if it's needed and if it, where to do that?