|
7 | 7 | label: Malicious uploads |
8 | 8 | --- |
9 | 9 |
|
10 | | -import { GlossaryTooltip } from "~/components"; |
| 10 | +import { GlossaryTooltip, Type } from "~/components"; |
11 | 11 |
|
12 | 12 | The malicious uploads detection, also called uploaded content scanning, is a WAF [traffic detection](/waf/concepts/#detection-versus-mitigation) that scans content being uploaded to your application. |
13 | 13 |
|
@@ -88,15 +88,24 @@ The content scanner will automatically decode Base64 strings. |
88 | 88 |
|
89 | 89 | When content scanning is enabled, you can use the following fields in WAF rules: |
90 | 90 |
|
91 | | -| Field name in the dashboard | Field name in expressions | |
92 | | -| ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | |
93 | | -| Has content object | [`cf.waf.content_scan.has_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_obj/) | |
94 | | -| Has malicious content object | [`cf.waf.content_scan.has_malicious_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_malicious_obj/) | |
95 | | -| Number of malicious content objects | [`cf.waf.content_scan.num_malicious_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_malicious_obj/) | |
96 | | -| Content scan has failed | [`cf.waf.content_scan.has_failed`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_failed/) | |
97 | | -| Number of content objects | [`cf.waf.content_scan.num_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_obj/) | |
98 | | -| Content object size (in bytes) | [`cf.waf.content_scan.obj_sizes`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_sizes/) | |
99 | | -| Content object type | [`cf.waf.content_scan.obj_types`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_types/) | |
100 | | -| Content object result<br/>Values: `clean`, `suspicious`,<br/>`infected`, and `not scanned` | [`cf.waf.content_scan.obj_results`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_results/) | |
| 91 | +| Field | Description | |
| 92 | +| -------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 93 | +| Has content object <br/> [`cf.waf.content_scan.has_obj`][1] <br/> <Type text="Boolean" /> | Indicates whether the request contains at least one content object. | |
| 94 | +| Has malicious content object <br/> [`cf.waf.content_scan.has_malicious_obj`][2] <br/> <Type text="Boolean" /> | Indicates whether the request contains at least one malicious content object. | |
| 95 | +| Number of malicious content objects <br/> [`cf.waf.content_scan.num_malicious_obj`][3] <br/> <Type text="Integer" /> | The number of malicious content objects detected in the request (zero or greater). | |
| 96 | +| Content scan has failed <br/> [`cf.waf.content_scan.has_failed`][4] <br/> <Type text="Boolean" /> | Indicates whether the file scanner was unable to scan all the content objects detected in the request. | |
| 97 | +| Number of content objects <br/> [`cf.waf.content_scan.num_obj`][5] <br/> <Type text="Integer" /> | The number of content objects detected in the request (zero or greater). | |
| 98 | +| Content object size <br/> [`cf.waf.content_scan.obj_sizes`][6] <br/> <Type text="Array<Integer>" /> | An array of file sizes in bytes, in the order the content objects were detected in the request. | |
| 99 | +| Content object type <br/> [`cf.waf.content_scan.obj_types`][7] <br/> <Type text="Array<String>" /> | An array of file types in the order the content objects were detected in the request. | |
| 100 | +| Content object result <br/> [`cf.waf.content_scan.obj_results`][8] <br/> <Type text="Array<String>" /> | An array of scan results in the order the content objects were detected in the request. <br/> Possible values: `clean`, `suspicious`, `infected`, and `not scanned`. | |
| 101 | + |
| 102 | +[1]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_obj/ |
| 103 | +[2]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_malicious_obj/ |
| 104 | +[3]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_malicious_obj/ |
| 105 | +[4]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_failed/ |
| 106 | +[5]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_obj/ |
| 107 | +[6]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_sizes/ |
| 108 | +[7]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_types/ |
| 109 | +[8]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_results/ |
101 | 110 |
|
102 | 111 | For examples of rule expressions using these fields, refer to [Example rules](/waf/detections/malicious-uploads/example-rules/). |
0 commit comments