John C. Rosenberger File uploads are an essential feature for many web applications, allowing users to share files like images, documents, and videos for a variety of purposes.
To mitigate these risks, a feature called WAF Content Scanning has been introduced. This feature is designed to detect and prevent malicious files from being uploaded, providing an extra layer of security. Read more file malware scanner for online protection
New Improvements
One of the significant improvements in this updated version is the increase in the maximum file size that can be scanned. Initially, the system could only scan files up to 1 MB in size, but with the new version, the limit has been expanded to 15 MB. To achieve this, the entire architecture had to be redesigned to handle larger files without adding extra delays or increasing the processing load.
How the Scanning Process Works
WAF Content Scanning operates in several steps. First, users activate the feature through an API or directly from the dashboard settings. Once enabled, the scanning engine begins identifying files within incoming requests. It uses heuristics to automatically detect files, rather than relying on unreliable indicators like the content-type header, which can be manipulated by attackers.
When the system identifies a file, it is sent to a scanning engine that checks it for any malicious content. This engine is connected to an antivirus (AV) scanner, which thoroughly analyses the file and returns the scan results. Based on these results, users can create custom rules to block or restrict certain files from being uploaded.
File Types and Scanning Limits
A common question about WAF Content Scanning relates to the types of files it can detect and scan. The system is designed to identify files embedded within HTTP requests, which can include a wide variety of content types. The scanning engine processes several types of files, such as:
Executable files (e.g., .exe, .bat)
Documents (e.g., .pdf, .docx)
Compressed files (e.g., .zip, .rar)
Images (e.g., .jpg, .png)
Video and audio files (within the 15 MB file size limit)
The system is designed to scan files in real time, ensuring the security of the server while minimizing delays.
Performance and Latency
In the previous version of WAF Content Scanning, the system could handle file sizes up to 1 MB, but scaling it to handle 15 MB files posed a challenge. The team had to find a way to increase the file size limit without introducing delays that would slow down file uploads. By redesigning the architecture, they managed to bypass the original rule engine, which was adding extra latency.
Enhanced Visibility and Control
WAF Content Scanning also provides users with greater visibility into their web traffic. The system’s analytics give insight into traffic patterns, allowing security teams to identify potential risks before malicious files can reach the server. Detailed logs provide useful information that can help with monitoring and refining security rules.
In conclusion, WAF Content Scanning is a powerful tool for detecting and blocking malicious files, offering improved file size limits, enhanced performance, and better visibility. By using this feature, users can protect their web applications from security threats while maintaining smooth performance and flexibility.
