Forum Discussion
File upload and ASM
- Sep 07, 2023
A bypass for an ASM policy is better done just for the violation, with an iRule, as I see it, so as not to stop the ASM checks for URLs, headers, etc.; this way you are making a smaller security hole 😗. This is a nice example:
https://clouddocs.f5.com/api/irules/ASM__unblock.html
Another option that can be tested is Request Body Handling: select Do Nothing under the URL:
https://my.f5.com/manage/s/article/K32081491
What has been mentioned so far are all good solutions.
Hi marta_sl,
If your application is a web application for uploading videos I really recommend disabling this feature.
In some cases, you may want to increase the request buffer size (long_request_buffer_size) for the BIG-IP ASM security policy. However, increasing the long_request_buffer_size parameter value will increase the allowed size of all requests processed by the BIG-IP ASM system. Such a change can result in increased resource consumption as the BIG-IP ASM buffers the larger requests in memory. Resource usage should be closely monitored and any changes to the parameter value should be adjusted accordingly.
Additionally, changing the long_request_buffer_size parameter value requires that you restart the BIG-IP ASM service, resulting in a brief traffic disruption.
You can increase the value of the long_request_buffer_size internal parameter to a maximum of 30 megabytes, by performing the following procedure:
Impact of procedure: Restarting the BIG-IP ASM service results in a brief traffic disruption.
- Log in to the Configuration utility.
- Go to Security > Options > Application Security > Advanced Configuration > System Variables.
- For Search By Parameter Name, enter long_request_buffer_size and select Go.
  The long_request_buffer_size parameter displays.
- Select long_request_buffer_size.
- For Parameter Value, enter the maximum length in bytes that you want the BIG-IP ASM security policy to accept.
  Note: The appropriate maximum buffer size depends on your system configuration and resource provisioning. You should set the buffer size to the smallest possible value that will accommodate the largest anticipated request, up to 30 megabytes.
- Select Update.
- Log in to the command line.
- Restart the BIG-IP ASM bd processes by entering the following command:
  Important: This step causes a brief traffic disruption.

      tmsh restart sys service asm
If you want to disable this feature, you have to set the value to 0 and then restart ASM; keep in mind that this step causes a brief traffic disruption.
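
The per-violation iRule bypass suggested in the first reply, sketched as an added example (not code from the thread or from F5's documentation). The upload path `/upload/video` and the violation name placeholder are assumptions to replace with your own values, and the policy must have "Trigger ASM iRule Events" enabled.

```tcl
# Added example: unblock a request only when the upload-size violation is the
# single reason ASM blocked it, and only on the upload endpoint.
# Assumptions (hypothetical, adjust to your application):
#   - uploads are POSTed to /upload/video
#   - <UPLOAD_SIZE_VIOLATION_NAME> is a placeholder; replace it with the exact
#     name that [ASM::violation names] reports for the blocked upload
when ASM_REQUEST_DONE {
    # Act only on requests ASM has decided to block.
    if { [ASM::status] ne "blocked" } { return }

    # Scope 1: upload endpoint and method only; every other URL keeps
    # full ASM enforcement.
    if { [HTTP::method] ne "POST" || [HTTP::path] ne "/upload/video" } {
        return
    }

    # Violation names are treated here as a Tcl list.
    set names [ASM::violation names]

    # Scope 2: the expected violation must be the only one raised. If anything
    # else fired (signatures, illegal headers, and so on), the block stands.
    if { [llength $names] == 1 &&
         [lindex $names 0] eq "<UPLOAD_SIZE_VIOLATION_NAME>" } {
        # Leave an audit trail for every bypassed request.
        log local0.notice "ASM unblock: support_id=[ASM::support_id]\
            client=[IP::client_addr] path=[HTTP::path]"
        ASM::unblock
    }
}
```

To find the violation name to substitute, log `[ASM::violation names]` for a blocked test upload before enabling the unblock branch.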