Forum Discussion
Greg_33558
Nimbostratus
NimbostratusASM: How to expand length limits for select URLs?
I have an ASM policy where I've left the Request Length and POST Data Length at the defaults (5000/1000). This is fine for 99.9% of the site, but I do have a /fileUpload URL which is expected to exc...
NikhilB
Employee
EmployeeWhen you click on either of the violations what do they say? (can you post here)
The post/query length relate to file types that you have accepted. Is there one you can associate/create for this upload?
If you uncheck the 'block' button for the 2 violations and leave learn/alarm buttons checks on, how many violations does it pick up on? (are length violations a serious concern for your web app you are trying to protect?)
gowenfawrI've updated the initial post with click-throughs on all the details on two different systems; hopefully those details will shed some light. The F5 determines that these are "no_ext", even though the file upload was .tiff in both cases. I will try creating a .tiff extension and seeing if I can then exempt these uploads from the size restrictions that way. This ASM policy has been in Transparent mode on our Production site for 48 hours; in that time it would have blocked 415 uploads as a result of this issue. There is one URL that is used to upload files; all other forms across the site have much smaller input (e.g., the login form is only going to take a few dozen characters as input). It is reasonable to want to limit length on the vast majority of the site, but to allow greater lengths on an upload form - the length restrictions wouldn't exist if there wasn't a basic security value on the average form. I appreciate your help!
