Preventing Malicious File Upload (PHP) false positives w/o exposing system

  • Resolved ericscoles

    (@ericscoles)


    2 months ago

    Users on our site are not able to upload PDF documents without triggering the “Malicious File Upload (PHP)” firewall rule.

    I’m aware that I can work around that by disabling the rule. What I want to understand is whether that would simply eliminate malicious file upload protections going forward.

    EDIT FOR CLARIFICATION: On further reading it looks as though this rule is meant to block the upload of malicious PHP code, specifically. The files being blocked are PDFs generated by Microsoft Word for Office 365. They contain no PHP code. MS Defender reports no threats in the test file.

    • This topic was modified 2 months ago by ericscoles. Reason: added context
Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter ericscoles

    (@ericscoles)

    Can anybody confirm that disabling the ‘Malicious File Upload (PHP)’ rule disables all checking for php exploits in uploaded files?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @ericscoles, thanks for your question.

    It’s quite common for PDF or image files to match malicious PHP code patterns such as <? when viewed as text so disabling the rule is certainly your best option if you require (and are expecting) these uploads from the users on your site regularly.

    There are usually 3 possible rules involved during this process. “Malicious File Upload“, “Malicious File Upload (PHP)“ as you’ve seen here, or “Malicious File Upload (Patterns)”.

    There are layers to how uploaded files are checked, so having to turn one of the rules off to fix your issue should still ensure malicious files would be caught at a different stage of the checking process.

    Thanks,
    Peter.

    Thread Starter ericscoles

    (@ericscoles)

    Thanks, Peter!

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.