Forum Discussion
Jim_M
Cirrus
CirrusASM illegal post data length and illegal request length
I have a 12.2 system. Can you please point me to where the global parameter and/or the policy specific parameter is set for maximum post and request lengths?
Security ›› Application Security : Parameters : Parameters List ›› Add Parameter...
... considering the parameter value type is User-input value, in the Data Type tab; when you set 'Maximum Length' to Any that should allow for maximum post.
Jim_MThe parameters listed appear to be URL specific. Can i use the wildcard '*' as a catchall? I want to increase the maximum length across the board
Going back to your original Q. Each ASM policy has its Global Parameters unless you specify the level for a particular parameter to be URL specific or Flow. Each Parameter in the policy will have its own settings (maximum length, etc).
The parameters listed you say are URL specific. By default, a wildcard (*) parameter is created in an ASM policy. Once users have fine tuned their policy, it is either deleted... You perhaps don't have one in your policy (parameter list). Therefore, you can create a wildcard (*) and set level to Global so that it does catchall and use the same Maximum length across the board... You will need to delete the URL specific URLs in that case.
However, having a * and maximum length is not recommended because the request may be a malicious one and you are opening up to exploitation... Unless you are doing because you are in the learning/ policy building phase.
