Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 6 subscribers
  • Views 1296 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM WAF block mime types

IlyaYakov

hello

i have rest web api service behind sophos utm waf

i have upload controller that recieves jpg ang png file with POST method

i need to prevent uloading all ext except png and jpg

i configure WAF profile like this:

but steel can upload exe or other  ext

thanks for the help



This thread was automatically locked due to age.
Parents
  • 0

    Shalom Ilya,

    I don't know of a way to block everything except .jpeg and .png without importing 600+mime types.  I suspect that would make things unnecessarily slow.

    Strange that your filter allows .exe uploads - are you sure that's the one in use for this Virtual Server?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi BAlfson Slight smile

    thanks for your reply,

    this a profile

    this a virtual server

    /RentACar - its web api service path

    when i am trying to upload png file i got this:

    2021:12:16-20:35:39 fw httpd[21184]: [avscan:error] [pid 21184:tid 3969231728] [client 84.229.88.170:61794] [21184] blocked MIME type application/octet-stream in request /RentACar/account/upload, referer: study.falcone.co.il/.../Users
    2021:12:16-20:35:39 fw httpd[21184]: [avscan:error] [pid 21184:tid 3969231728] [client 84.229.88.170:61794] mod_avscan_check_file_single_part failed, referer: https://study.falcone.co.il/RentACarProject/Users
    but..exe files its uploaded with status code 200..
  • 0 in reply to IlyaYakov

    Update:

    its block exe files,but not all ..

    for example i tried to upload anydesk.exe:)its uploaded

    some zip self extractors- blocked

  • 0 in reply to IlyaYakov

    'Common Threat Filter Categories' are in every Filter, but we can't see the name of the Filter in your first picture above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to IlyaYakov

    'Common Threat Filter Categories' are in every Filter, but we can't see the name of the Filter in your first picture above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML