Can AWS WAF Inspect Contents of a .tar.lz4 File in HTTP POST Requests?

I'm using AWS WAF with an Application Load Balancer to filter incoming HTTP requests to my api server for security.

My api server expects files to be uploaded as .tar archive compressed with lz4.

Is there a way to configure AWS WAF to inspect the contents of .tar.lz4 files in POST requests, or must this be handled at the application server level?

This would have to be handled on the application level, or architecturally you can of course offload this to any file processing service internal or external to your application.

AWS WAF allows you to create custom rules to a certain extent, you can inspect all kinds of attributes of incoming and outgoing traffic, but this level of processing is way beyond its capabilities (or that of about any WAF). You can't write arbitrary code to extend the AWS WAF this way. It would also consume an insane amount of web ACL capacity units (WCUs).

What you can do instead is

• include inspection/validation logic in your app backend (this would also be beneficial, because this inspection would then be a part of your app, and the app would not depend on its environment for a presumably essential security feature)
• integrate with an existing external service, if what you need to do is not very custom and is already implemented somewhere
• you can architect your app in a way that allows the client to obtain cryptographic proof of validity of the file it intends to upload before the actual uploading, and then send this proof along with the file, which is then easy and efficent to check on the backend (whether this is feasible or even makes any sense obviously depends on a lot of factors, also there will be implementation risks; only do this if you have a very good reason, and you understand those risks)