File upload and ASM

Question

Hi,We have developed a web application for uploading videos. This web app is protected by our ASM module. However, when we attempt to upload a video larger than 10 MB, the ASM blocks the request and displays the error message "Request length exceeds the defined buffer size."We attempted a solution we found in the forum, which involved creating a parameter for the specific URL, as we prefer not to modify the buffer size. Unfortunately, this solution did not work for us.Could someone provide us with some guidance or assistance?Thank you!

nikoolayy1 · Accepted Answer

Bypass for an ASM policy better be done just for the violation with an irule as I see it as to not stop the ASM checks for urls , headers etc. and this way you are making a smaller security hole 😗. This is a nice example:
&nbsp;
https://clouddocs.f5.com/api/irules/ASM__unblock.html
&nbsp;
&nbsp;
Other option that can be tested is Request Body Handling, select Do Nothing. under the url:
&nbsp;
https://my.f5.com/manage/s/article/K32081491
&nbsp;
What was mentioned till now are all good solutions.

sebastiansierra · Answer

Hi&nbsp; marta_sl&nbsp;,
If your application&nbsp;is a&nbsp;web application for uploading videos I really recommend disabling this feature.
In some cases, you may want to increase the request buffer size (long_request_buffer_size) for the BIG-IP ASM security policy. However, increasing the long_request_buffer_size parameter value will increase the allowed size of all requests processed by the BIG-IP ASM system. Such a change can result in increased resource consumption as the BIG-IP ASM buffers the larger requests in memory. Resource usage should be closely monitored and any changes to the parameter value should be adjusted accordingly.
Additionally, changing the long_request_buffer_size parameter value requires that you restart the BIG-IP ASM service, resulting in a brief traffic disruption.
You can increase the value of the&nbsp;long_request_buffer_size&nbsp;internal parameter to a maximum of 30 megabytes, by performing the following procedure:
Impact of procedure: Restarting the BIG-IP ASM service results in a brief traffic disruption.

Log in to the Configuration utility.
Go to&nbsp;Security&nbsp;&gt;&nbsp;Options&nbsp;&gt;&nbsp;Application Security&nbsp;&gt;&nbsp;Advanced Configuration&nbsp;&gt;&nbsp;System Variables
For&nbsp;Search By Parameter Name, enter&nbsp;long_request_buffer_size&nbsp;and select&nbsp;Go.
The&nbsp;long_request_buffer_size&nbsp;parameter displays.

Select&nbsp;long_request_buffer_size.
For&nbsp;Parameter Value,&nbsp;enter the maximum length in bytes that you want the BIG-IP ASM security policy to accept.
Note: The appropriate maximum buffer size depends on your system configuration and resource provisioning. You should set the buffer size to the smallest possible value that will accommodate the largest anticipated request, up to 30 megabytes.

Select&nbsp;Update.
Log in to the command line.
Restart the BIG-IP ASM&nbsp;bd&nbsp;processes by entering the following command:
Important: This step causes a brief traffic disruption.
tmsh restart sys service asm
In the case you want to disable this feature you have to set 0 in the value and then restart the ASM, take in mind this step causes a brief traffic disruption.

&nbsp;

mohamed_ahmed_kansoh · Answer

Hi&nbsp;marta_sl&nbsp;,&nbsp;beside&nbsp;Sebastiansierra&nbsp;comment which is exactly correct , I want to add something important , if you intent to set value more than 10 MB , it's crucial to monitor your memory before the change and after , this increasment in request buffer size will consume from memory and you can't measure this impact because it depends on the number of requests which are processed by ASM engine so if you have now a high&nbsp;utilization of system memory , it's recommended not to set higher values of request buffer size in asm variable attributes &gt;&gt;&gt; also take in your consedration this value will applied in all ASM policies not only for the policy you are complaining from it.&nbsp;&gt; I would provide you another workaround if you have high memory utilization:&nbsp;you can bypass the url that contains this large file/video form being processed by ASM , you can do this using LTM policies or irules.you will the steps of by bypassing in this article :&nbsp;https://my.f5.com/manage/s/article/K22021244Thanks&nbsp;Sebastiansierra&nbsp;for your detailed comment.&nbsp;

marta_sl · Answer

Hi,Thank you very much for your responses and advice. What if we disable the "Block action" for the "Request length exceeds defined buffer size" in the policy building settings? Do you think it may affect the performance of the hardware?

mohamed_ahmed_kansoh · Answer

Hi&nbsp;marta_sl&nbsp;,&nbsp;no there is no impact on hardware or performance.&nbsp;if you disabled it , it will not block the large files upload , but this will be applied in all urls or virtual server applied under this ASM policy.&nbsp;So you have much varites :&nbsp;&gt; bypassing asm policy for specific&nbsp; url ( using irule , LTM policy )&nbsp;&gt; disablie ( learn , alarm , block ) for that violation.&gt; increasing request buffer size ( but this needs to monitor your system resources specially your memory consumption.&nbsp;

marta_sl · Answer

Thank you very much for your help!

Forum Discussion

File upload and ASM

6 Replies

Recent Discussions

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

Related Content

File Uploads and ASM

Handle False Positive for files upload

WAF - Allow uploads of only files with certain extensions and block all other file uploads

File Upload via iControl REST

Can't upload msg file - ASM block