How to allow only specific file type such as .pdf or .doc as file attachment in apigee proxy?

We have an Apigee proxy that is being used to upload word and pdf files however there’s a security requirement to restrict the file types that can be send through this pass through proxy so that file types such as .php, web.config, .htaccess cannot be allowed. Rather than blacklisting of file types, the whitelisting of .doc or .pdf should be done. The proxy is receiving the incoming request with file attachment with content-type as ‘multipart/form-data’.

You need to examine the Multi-part form data payload. These payloads include multiple parts, each one has a distinct content-type. An example might be like this:

POST / HTTP/1.1
Host: my-host-name
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------e3d33b704923419d
Content-Length: 554

-----------------------------e3d33b704923419d
Content-Disposition: form-data; name="text"

text default
-----------------------------e3d33b704923419d
Content-Disposition: form-data; name="file1.txt"
Content-Type: text/plain

Content of file1.txt.

-----------------------------e3d33b704923419d
Content-Disposition: form-data; name="file2.png"
Content-Type: image/png

...image bytes here...

-----------------------------e3d33b704923419d--

It sounds like you want to accept only multipart forms that include content types of a certain subset.

I cannot think of a way to do that without parsing the multipart form completely, and then examining each part, for the content-type header.

This Apigee callout does that.

You would need to insert a policy step for that callout into your API proxy, and then insert conditions into your API proxy testing the number of attachments (you might want to limit it to 1 only) and the content-type of the attachments.

Alternatively, it might be a good idea to insert some validation into the callout itself; it might be cool to configure the callout to reject any request that has more than 1 attachment, or an attachment that is not part of a specified subset. That would be a really easy change, an almost trivial change, to make in the callout.

The one caveat is, it requires parsing the entire message. And remember, there’s a data size limit in Apigee requests of 10mb. If your attachment is larger than that, then Apigee won’t handle it.

Has this been tested already and will there be any vendor support for this solution?

From the README

dchiesa1_0-1731957111821.png