Forum Discussion
P_Kueppers
MVP
MVPBigIP ASM Problems with FileUploads with SOAP
Hi there, actually my ASM Policy is blocking a file upload for one application with the error message: HTTP protocol compliance failed
Chunks number exceeds request chunks limit: 1000 I ra...
P_KueppersMVP
MVPNope. Same issue every few days and still on 14.x but I cant imagine that this is a bug and will be fixed with 15.x
I think the messages doesnt come from the application I suspect rather a other one. How can I track this? Some fancy iRule to log this big XML requests? I can imagine that this is coming from a total different application where Im not informed about xml/soap requests.
Tagging AubreyKingF5 again for his technical expertise...
- P_Kueppers
Thanks, hopefully he can help me out... maybe i need to deploy something like this on all vservers to find that black sheep
when HTTP_REQUEST { #Check if the request is a POST, with a content type of text and size over 10MB if {[HTTP::has_responded]} { return } elseif {[HTTP::method] eq "POST"}{ if {[HTTP::header value "Content-Type"] contains "xml" or [HTTP::header value "Content-Type"] contains "json"}{ if {[HTTP::header value "Content-Length"] >= 10000000}{ log local0. "This is the HTTP Path: [HTTP::path]" log local0. "Client [IP::client_addr] This is the HTTP Host [HTTP::host]" log local0. "Client [IP::client_addr] accessed [virtual]" log local0. "Query string of URI: [HTTP::uri] is [URI::query [HTTP::uri]]" log local0. "HTTP Content Length Header = [HTTP::header value "content-length"]" log local0. "HTTP Content Type Header = [HTTP::header value "content-type"]" } } } }- AubreyKingF5
Moderator
Not a bad plan. Can you show me the tmsh out for the http profile? I take it you're not doing anything fancy like HTTP2?
- P_Kueppers
Pretty default I would say
We have some http/2 servers active:
ltm profile http2 Standard_http2_profile { app-service none concurrent-streams-per-connection 100 connection-idle-timeout 60 defaults-from http2 } ltm profile http2 http2 { activation-modes { alpn } app-service none concurrent-streams-per-connection 10 connection-idle-timeout 300 enforce-tls-requirements enabled frame-size 2048 header-table-size 4096 include-content-length disabled insert-header disabled insert-header-name X-HTTP2 receive-window 32 write-size 16384 }But most is http/1.2
ltm profile http SecureWEB_http { app-service none defaults-from http enforcement { known-methods { CONNECT DELETE GET HEAD LOCK OPTIONS POST PROPFIND PUT UNLOCK } } header-insert X-Forwarded-Proto:https hsts { maximum-age 31536000 mode enabled } insert-xforwarded-for enabled proxy-type reverse redirect-rewrite all server-agent-name LB } ltm profile http http { accept-xff disabled app-service none basic-auth-realm none encrypt-cookies none enforcement { known-methods { CONNECT DELETE GET HEAD LOCK OPTIONS POST PROPFIND PUT TRACE UNLOCK } max-header-count 64 max-header-size 32768 max-requests 0 pipeline allow truncated-redirects disabled unknown-method allow } fallback-host none fallback-status-codes none header-erase none header-insert none hsts { include-subdomains enabled maximum-age 16070400 mode disabled preload disabled } insert-xforwarded-for disabled lws-separator none lws-width 80 oneconnect-status-reuse "200 206" oneconnect-transformations enabled proxy-type reverse redirect-rewrite none request-chunking preserve response-chunking selective response-headers-permitted none server-agent-name LB sflow { poll-interval 0 poll-interval-global no sampling-rate 0 sampling-rate-global no } via-request preserve via-response preserve xff-alternative-names none }
