WAF antivirus exception does not work

Hi,

I checked the exception functionality for Antivirus in 9.355. It works fine for me.

Could you add screenshots of your configuration (with greyed out personal data)?

Sabine

Below are my settings with Antivirus enabled, for the entire site, and with the Exception for the upload script:

Below is a screenshot of what I get when uploading a file with the settings above:

Below is a screenshot of what an upload should look like. I have to untick Antivirus in the Firewall Profile even though I have Antivirus ticked in the Exception rule:

I have also tried adding   /*  to the Exception List so the whole site is excluded but that did not help. To reiterate, all I have to do is untick 'Antivirus' in the WAF Firewall Profile and leave all other setting the same, in order for the upload progress bar to display properly.

Evianne, you can clearly see, adding Antivirus to my Exception List does not work for me. I doubt very much that your results would be any different if you were able to test with the same setup that I have.

UPDATE (2/29/2016, 9:35 AM EST): I did more testing and it appears that this issue does not occur if the total size of the file(s) being uploaded is less than approximately 4.2MB in size.

Hi,

your setup looks correct. Could you please post the corresponding log lines when you try to upload a file for both cases?

Sabine

I used the same PDF file for testing. I removed some pages from the 4.23 MB PDF file to make it smaller. Both files are uploaded but one displays the progress bar and the other does not. 

Successful displayed progress bar (file size: 4.17MB):

2016:02:29-10:38:25 gateway reverseproxy: [Mon Feb 29 10:38:25.359661 2016] [security2:error] [pid 1389:tid 3753630576] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload.cgi"] [unique_id "VtRl8TLwWoEAAAVt9GYAAAAt"]
2016:02:29-10:38:26 gateway reverseproxy: [Mon Feb 29 10:38:26.182099 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl8jLwWoEAAAVt9GcAAAAw"]
2016:02:29-10:38:31 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="3003" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="5257984" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:32 gateway reverseproxy: [Mon Feb 29 10:38:32.532420 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl@DLwWoEAAAVt9GgAAAAw"]
2016:02:29-10:38:32 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="279" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58923" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:33 gateway reverseproxy: [Mon Feb 29 10:38:33.532898 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl@TLwWoEAAAVt9GkAAAAw"]
2016:02:29-10:38:33 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58742" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300; SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D" set-cookie="-"
2016:02:29-10:38:34 gateway reverseproxy: [Mon Feb 29 10:38:34.528722 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl@jLwWoEAAAVt9GoAAAAw"]
2016:02:29-10:38:34 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58708" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:35 gateway reverseproxy: [Mon Feb 29 10:38:35.548936 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl@zLwWoEAAAVt9GsAAAAw"]
2016:02:29-10:38:35 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58591" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:36 gateway reverseproxy: [Mon Feb 29 10:38:36.530420 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl-DLwWoEAAAVt9GwAAAAw"]
2016:02:29-10:38:36 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58273" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:37 gateway reverseproxy: [Mon Feb 29 10:38:37.529991 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl-TLwWoEAAAVt9G0AAAAw"]
2016:02:29-10:38:37 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="98" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58637" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:38 gateway reverseproxy: [Mon Feb 29 10:38:38.531884 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl-jLwWoEAAAVt9G4AAAAw"]
2016:02:29-10:38:38 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58315" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:39 gateway reverseproxy: [Mon Feb 29 10:38:39.542764 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRl-zLwWoEAAAVt9G8AAAAw"]
2016:02:29-10:38:39 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="59716" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:40 gateway reverseproxy: [Mon Feb 29 10:38:40.531283 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRmADLwWoEAAAVt9HAAAAAw"]
2016:02:29-10:38:40 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58416" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:41 gateway reverseproxy: [Mon Feb 29 10:38:41.528316 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRmATLwWoEAAAVt9HEAAAAw"]
2016:02:29-10:38:41 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="20" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58229" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:42 gateway reverseproxy: [Mon Feb 29 10:38:42.530212 2016] [security2:error] [pid 1389:tid 3728452464] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRmAjLwWoEAAAVt9HIAAAAw"]
2016:02:29-10:38:42 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="68" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="58305" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:42 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="460" user="-" host="73.x.x.x" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="17618485" url="/cgi-bin/uploadScript/upload.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:43 gateway reverseproxy: [Mon Feb 29 10:38:43.113485 2016] [security2:error] [pid 1389:tid 3753630576] [client 73.x.x.x] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:host. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:host: c-73-216-14-102.hsd1.va.comcast.net"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mysite.com"] [uri "/upq/upload/upload_thanks.php"] [unique_id "VtRmAzLwWoEAAAVt9HMAAAAt"]
2016:02:29-10:38:43 gateway reverseproxy: [Mon Feb 29 10:38:43.190513 2016] [security2:error] [pid 1389:tid 3753630576] [client 73.x.x.x] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=1, XSS=): Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname "mysite.com"] [uri "/upq/upload/upload_thanks.php"] [unique_id "VtRmAzLwWoEAAAVt9HMAAAAt"]
2016:02:29-10:38:43 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="4593" user="-" host="73.x.x.x" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="91064" url="/upq/upload/upload_thanks.php" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:38:58 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="3509" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="76164" url="/upq/" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"

Failed to display progress bar (file size: 4.23MB)

2016:02:29-10:34:03 gateway reverseproxy: [Mon Feb 29 10:34:03.464391 2016] [security2:error] [pid 1389:tid 3762023280] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload.cgi"] [unique_id "VtRk6zLwWoEAAAVt9GAAAAAs"]
2016:02:29-10:34:04 gateway reverseproxy: [Mon Feb 29 10:34:04.269263 2016] [security2:error] [pid 1389:tid 3745237872] [client 73.x.x.x] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "mysite.com"] [uri "/cgi-bin/uploadScript/upload-stat.cgi"] [unique_id "VtRk7DLwWoEAAAVt9GEAAAAu"]
2016:02:29-10:34:09 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="2265" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="5084501" url="/cgi-bin/uploadScript/upload-stat.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:34:21 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="460" user="-" host="73.x.x.x" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipThreatsFilter" time="18034783" url="/cgi-bin/uploadScript/upload.cgi" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:34:21 gateway reverseproxy: [Mon Feb 29 10:34:21.618256 2016] [security2:error] [pid 1389:tid 3745237872] [client 73.x.x.x] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:host. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:host: c-73-216-14-102.hsd1.va.comcast.net"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mysite.com"] [uri "/upq/upload/upload_thanks.php"] [unique_id "VtRk-TLwWoEAAAVt9GIAAAAu"]
2016:02:29-10:34:21 gateway reverseproxy: [Mon Feb 29 10:34:21.694125 2016] [security2:error] [pid 1389:tid 3745237872] [client 73.x.x.x] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=1, XSS=): Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname "mysite.com"] [uri "/upq/upload/upload_thanks.php"] [unique_id "VtRk-TLwWoEAAAVt9GIAAAAu"]
2016:02:29-10:34:21 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="4629" user="-" host="73.x.x.x" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="90332" url="/upq/upload/upload_thanks.php" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"
2016:02:29-10:34:37 gateway reverseproxy: id="0299" srcip="73.x.x.x" localip="50.x.x.x" size="3509" user="-" host="73.x.x.x" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="75649" url="/upq/" server="mysite.com" referer="-" cookie="SITEC=S0xZWU5uOU9sV2JZMDdsc3hsbXBFUHcwNzJZY1BsZVlwTlRIODcwTHdRPT0%3D; PHPSESSID=234575f4dbbd21fbf7f25f7f79984cb8ceabd300" set-cookie="-"

UPDATE (11:03 AM EST): Now I'm confused... I just uploaded a couple of files that previously failed to display the progress bar but this time it did display. Here are the files I've been using to test with:

http://www.filedropper.com/testfiles
 

Hi,

hm, the actual POST request is not blocked.

But it is send to path '/upq/upload/upload_thanks.php'.

Could you please add '/upq/upload/upload_thanks.php' as exception path?

Sabine

I'll try that right now and update this post but like I stated previously, I already tried adding   /*  which should exclude the entire site, correct?

UPDATE (11:25 AM): Adding '/upq/upload/upload_thanks.php' as exception path did not help.

I also tried the eicar test virus. The exception is working because the test virus does get uploaded but not when I remove the exception.

It seems to me that when a file is over approximately 4.2MB, the UTM caches/buffers the file before redirecting it even though the Antivirus exclusion exists. However, unticking Antivirus in the WAF Firewall Properties seems to disable Antivirus altogether so no caching/buffering is taking place. I'm just guessing, I could be way off target.

The upload progress bar uses ajax so the file upload needs to stream in order for it to display real-time data.

In general, an exception for AV is not the same as having AV disabled.
If you have an exception, the files are still scanned.

Regarding your problem I think we have to dig deeper. Therefore, you should open a support ticket.

Sabine

Thank you for your time and your suggestion but I'm a Home user and it's my understanding that I cannot open a support ticket.

Thank you for your time and your suggestion but I'm a Home user and it's my understanding that I cannot open a support ticket.