For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jim_M's avatar
Jim_M
Icon for Cirrus rankCirrus
Oct 09, 2019

ASM illegal post data length and illegal request length

I have a 12.2 system. Can you please point me to where the global parameter and/or the policy specific parameter is set for maximum post and request lengths?
ASM Advanced WAF
security
Greasy_Pretzel's avatar
Greasy_Pretzel
Ret. Employee
Oct 10, 2019

Going back to your original Q. Each ASM policy has its Global Parameters unless you specify the level for a particular parameter to be URL specific or Flow. Each Parameter in the policy will have its own settings (maximum length, etc).

 

The parameters listed you say are URL specific. By default, a wildcard (*) parameter is created in an ASM policy. Once users have fine tuned their policy, it is either deleted... You perhaps don't have one in your policy (parameter list). Therefore, you can create a wildcard (*) and set level to Global so that it does catchall and use the same Maximum length across the board... You will need to delete the URL specific URLs in that case.

 

However, having a * and maximum length is not recommended because the request may be a malicious one and you are opening up to exploitation... Unless you are doing because you are in the learning/ policy building phase.