Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

WAF .axd extensions being blocked

 

Information

 

Summary:

WAF .axd extensions being blocked

Environment:

Product:LoadMaster

Version:All

Platform:All

Application:WAF

Question/Problem Description:

The CRS rule (ID 920440 )will trigger if a match is detected for any of the following Forbidden file extensions:
".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/.dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/.rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/"

Steps to Reproduce:  
Error Message: The CRS rule (ID 920440 )will trigger if a match is detected for any of the following Forbidden file extensions
Defect Number:  
Enhancement Number:  
Cause: Some types of extensions might be blocked by a WAF default rule set under the Modsec.conf file hardcode on the LoadMaster.
Resolution: https://support.kemptechnologies.com/hc/en-us/articles/4411694782733-WAF-Rule-File-Extension-to-be-blocked
Workaround:  
Notes: https://support.kemptechnologies.com/hc/en-us/articles/4411694782733-WAF-Rule-File-Extension-to-be-blocked

Comments