Setting the parameter type "File Upload" limits the range of checks that are performed on the parameter value. The primary usage is obviously file uploads, because for example a PDF file or Excel sheet is pretty much a binary blob with some text sprinkled in between and applying meta character checks to see if it includes a quote, a dollar sign, a null byte or some nonprintable character somewhere doesn't make a lot of sense.
In version 14 (maybe also 13?) you can select to still check attack signatures on File Upload parameters - which for real file uploads may not be very useful, but for your scenario should be a good idea. (note: never tested if this actually works)
Setting the checksum parameter to file upload will open you up to some risk of attacks specifically on that parameter, because checks on the parameter will be limited.
If you find this more concerning than globally allowing null bytes, then disabling the "null in request" violation would be the way to go.
There may be another option that is not mentioned in the KB: An iRule to selectively unblock the request if this violation occurs specifically on that parameter. But that would require some engineering and I don't know if it even actually works.
I see that for "File Upload" Option there is no Attack Signature Option I can select. Images attached.
- gersbah, Nov 08, 2019 (Cirrostratus)
This is a feature of version 14 and later. See https://support.f5.com/csp/article/K79544554
"Note: Prior to BIG-IP ASM 14.0.0, you can configure attack signatures for parameters of Alpha-Numeric data type. Starting in BIG-IP ASM 14.0.0, you can configure attack signatures for parameters of File Upload data type, in addition to parameters of Alpha-Numeric data type."
- Subrun, Nov 08, 2019 (Cirrostratus)
Only for Alpha-Numeric it shows the Attack Signature tab. Image attached.