Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

FortiWeb denies some uploaded files

Hi WAF admins

Sometimes my FortiWeb denies some uploaded files, just like pdf or png, and it logs an attack of type "generic attack" or "known exploit". The detected pattern can be something like this:

${�ǕN�������$�

Or something like that:

_/

I wonder if this is a real attack or just a false positive, since the signature is inside an uploaded file, while the string ${... looks like a kind of injection, and I think it should be blocked when it is in a form or in URL, not when it is in an uploaded binary data file.

Or maybe I'm misunderstanding something in WAF?

AEK
AEK
10 REPLIES 10
AEK

I still think an uploaded file should be scanned with AV but it shouldn't be scanned for application attacks like we do with forms and URLs. Am I wrong?

AEK
AEK
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors