Forum Discussion

Nimbostratus

Apr 03, 2019

ASM/ICAP file upload problem

We are encountering intermittent File upload issue after TMOS 11.6.0 to 13.1.1 upgrade. We are using ICAP service for file scanning and in the ASM events logs it showing blocked “Virus detected“ and ...

Employee

Apr 04, 2019

There is a timeout happening causing the response to be classified as a violation/virus.

It's difficult to know what specifically is contributing to the timeout without packet captures and debug logs. In that case I recommend opening a support case.

However, there are three control parameters for ICAP connections that can be adjusted to help:

  icap_server_max_response_time  -  default value 120s

  icap_server_max_send_time  -  default value 25s trying to send packet

  icap_server_max_connections  -  default value 10 connections

These can all be set using "/usr/share/ts/bin/add_del_internal".

Example:

/usr/share/ts/bin/add_del_internal add icap_server_max_response_time 240

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM/ICAP file upload problem

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

Problem with sending BotDefense logs to remote server

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Related Content

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

File Uploads and ASM

File upload and ASM

F5 Automation Toolchain Upload

WAF - Allow uploads of only files with certain extensions and block all other file uploads

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS