F5 recently added a new malware protection feature to both RE and CE, designed to inspect files uploaded by users to a website. This helps ensure that files originating from untrusted sources (external users) are safe before they are processed internally by the web server.

There is another important use case for this feature in the AI ecosystem. When a user uploads files in a chatbot window (AI front-end app), the back-end orchestration app processes those files and stores them in a RAG database.

If we deploy our CE (Customer Edge) between the front-end app and the back-end app, we can inspect user-uploaded files in transit and proactively block them if they are malicious. However, there is currently one limitation when enabling malware detection in this scenario. F5 XC allows you to configure target URLs for file inspection, but the configuration only supports exact URL matching. In other words, the URL must be defined as a full, precise match in the malware protection settings.

The challenge is that chatbot applications typically assign a unique UUID per conversation, which makes it impractical to predefine every exact target URL.

If XC could support not only exact URL matches but also patterns such as “starts with,” “ends with,” or wildcard matching, this malware protection feature could be easily enabled and applied in AI use cases.