Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Ashok_G_263579's avatar
Ashok_G_263579
Icon for Nimbostratus rankNimbostratus
Jan 11, 2018

Error code 400 while downloading a file via REST API

Hello Everyone,   My GET request to the device is https://192.168.55.248/mgmt/tm/asm/file-transfer/downloads/exported_file.xml   And the error I receive is,   { "code": 400, "messa...
application delivery
big-ip
iControlREST
security
Satoshi_Toyosa1's avatar
Satoshi_Toyosa1
Ret. Employee
Jan 21, 2018

The maximum octets you can download using the 

/mgmt/tm/asm/file-transfer/downloads/file
endpoint is 1,048,576 bytes (1 MiB = 1,0242). Any remaining data is silently truncated (I did not get the 400 error you got. Possibly version dependent. Mine was 13.0.0).

When you need to download a file larger than this limit, download chunk by chunk by using the 

Content-Range
header. For example, to download a 3,165,860 bytes file, use the REST call three times.

GET /mgmt/tm/asm/file-transfer/downloads/file > file     ... first 1 MiB
GET /mgmt/tm/asm/file-transfer/downloads/file -H "Content-Range: 1048576-2097151/3165860"
>> file     ... next 1 MiB
GET /mgmt/tm/asm/file-transfer/downloads/file -H "Content-Range: 2097152-3165860/3165860" >> file    ... the remaining octets

See also Demystifying iControl REST Part 5: Transferring Files for the Content-Range header format.

JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jul 29, 2019

Isn't "Content-Range" issued by the server? The client side should use "Range:" instead in its request.

  • Satoshi_Toyosa1's avatar
    Satoshi_Toyosa1
    Ret. Employee
    Jul 29, 2019

    It is implemented that way presently. F5 is aware of the discrepancy with RFC 7233 and has a bug ID assigned to the issue: ID701702.