Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

WAF .axd extensions being blocked

Updated

 

Information

 

Summary:

WAF .axd extensions being blocked
Environment:

Product:LoadMaster

Version:All

Platform:All

Application:WAF
Question/Problem Description:

The CRS rule (ID 920440 )will trigger if a match is detected for any of the following Forbidden file extensions:
".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/.dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/.rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/"
Steps to Reproduce:  
Error Message: The CRS rule (ID 920440 )will trigger if a match is detected for any of the following Forbidden file extensions
Defect Number:  
Enhancement Number:  
Cause: Some types of extensions might be blocked by a WAF default rule set under the Modsec.conf file hardcode on the LoadMaster.
Resolution: https://support.kemptechnologies.com/hc/en-us/articles/4411694782733-WAF-Rule-File-Extension-to-be-blocked
Workaround:  
Notes: https://support.kemptechnologies.com/hc/en-us/articles/4411694782733-WAF-Rule-File-Extension-to-be-blocked
Was this article helpful?
0 out of 0 found this helpful

Comments

In this document