Hi WAF admins
Sometimes my FortiWeb denies some uploaded files, just like pdf or png, and it logs an attack of type "generic attack" or "known exploit". The detected pattern can be something like this:
${�ǕN�������$�
Or something like that:
_/
I wonder if this is a real attack or just a false positive, since the signature is inside an uploaded file, while the string ${... looks like a kind of injection, and I think it should be blocked when it is in a form or in a URL, not when it is in an uploaded binary data file.
Or maybe I'm misunderstanding something in WAF?
I still think an uploaded file should be scanned with AV but it shouldn't be scanned for application attacks like we do with forms and URLs. Am I wrong?
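As an added example (not part of the original post and not FortiWeb's detection logic), the sketch below triages where a `${` token sits in an upload: it reports the printable-byte ratio around each hit and how many chance occurrences uniformly random bytes of that size would contain. The function names, the 16-byte window, the 0.9 threshold and both sample inputs are assumptions constructed for illustration.

```python
import string

# Byte values considered "text" (ASCII letters, digits, punctuation, whitespace).
PRINTABLE = set(string.printable.encode("ascii"))

# Leading magic bytes of the two upload types mentioned in the post.
MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png"}


def file_type(data: bytes) -> str:
    """Identify the upload by its magic bytes, not by its extension."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def expected_chance_hits(size: int, token_len: int = 2) -> float:
    """Expected occurrences of a fixed token in `size` uniformly random bytes.

    Assumption: compressed image/PDF streams behave roughly like random bytes.
    """
    return max(size - token_len + 1, 0) / 256 ** token_len


def triage_hits(data: bytes, token: bytes = b"${", window: int = 16,
                threshold: float = 0.9):
    """Return (offset, printable_ratio, verdict) for every token occurrence."""
    hits = []
    pos = data.find(token)
    while pos != -1:
        ctx = data[max(0, pos - window): pos + len(token) + window]
        ratio = sum(b in PRINTABLE for b in ctx) / len(ctx)
        verdict = "text-like" if ratio >= threshold else "binary-noise"
        hits.append((pos, round(ratio, 2), verdict))
        pos = data.find(token, pos + 1)
    return hits


# Constructed samples: a PNG-like blob with "${" between high bytes, and a form field.
NOISE = bytes(range(0x80, 0xA0))
BINARY_UPLOAD = b"\x89PNG\r\n\x1a\n" + NOISE + b"${" + NOISE
FORM_FIELD = b"comment=${some.expression}&x=1"

if __name__ == "__main__":
    print(file_type(BINARY_UPLOAD), triage_hits(BINARY_UPLOAD))
    print(file_type(FORM_FIELD), triage_hits(FORM_FIELD))
    print("chance hits in 1 MiB:", round(expected_chance_hits(1 << 20), 2))
```

A "binary-noise" verdict only describes the bytes around the match; it does not replace AV scanning or content-type validation of the upload.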