WAF - Allow uploads of only files with certain extensions and block all other file uploads
- Jan 10, 2023
Hi tub91 ,
Just to add somthing :
> let all learnt filetypes as it is , and do not delete them even if they are in a wildcard form or even specific filetypes for your application , this is for the stability of your application at all and this restriction should be applied on parameter level.
> Another point :
you should define 2 parameter in this ASM policy , Parameter with data type "file upload" and the other with "Alpha Numeric ".
Let me explain more :
you should have a parameter_1 needs to upload file on it’s like a container and this parameter should use (Data type = File upload) , and the other parameter should be triggered when you click "Button upload" let we call it Parameter_2 and you should define this parameter as ( an Alpha Numeric Data type ) With the Regular expression (ReGex) that I sent in the last reply.
Please check the below snap shots from my Lab :- you can see " choose file Button " which defined as " filename " parameter in F5 ASM learning suggestions , and "select the image you want to uplaod" which defined as "userfile" Parameter in F5 Learning suggestion.
In " Filename " I should create it as ( type = user input value parameter , Data type = Alpha numeric , and add the Regex that I send before in last reply ) .In "userfile" I should create it ( type = user input value , Data type = File upload )
> I hope this helps you.