Unauthorized Upload

What It Means

This request attempted to upload files into your application.

Why It Matters

Unauthorized file uploads are a common attack vector. Attackers attempt to upload malicious scripts (web shells, backdoors) that they can then execute to take control of your server. Even seemingly harmless file types can be crafted to execute code when processed by certain server configurations.

Common Triggers

POST requests with file upload data targeting paths that are not configured to accept uploads, or uploads of file types that are commonly associated with attacks (such as PHP, ASP, or JSP files).

What To Do

If your application has legitimate file upload functionality that is being blocked, use Path Allowlisting to exempt those specific upload endpoints. Ensure your application also validates uploaded files independently of the WAF.