Forum Discussion
File upload and ASM
- Sep 07, 2023
Bypass for an ASM policy better be done just for the violation with an irule as I see it as to not stop the ASM checks for urls , headers etc. and this way you are making a smaller security hole 😗. This is a nice example:
https://clouddocs.f5.com/api/irules/ASM__unblock.html
Other option that can be tested is Request Body Handling, select Do Nothing. under the url:
https://my.f5.com/manage/s/article/K32081491
What was mentioned till now are all good solutions.
Hi,
Thank you very much for your responses and advice. What if we disable the "Block action" for the "Request length exceeds defined buffer size" in the policy building settings? Do you think it may affect the performance of the hardware?
- Sep 07, 2023
Hi marta_sl ,
no there is no impact on hardware or performance.
if you disabled it , it will not block the large files upload , but this will be applied in all urls or virtual server applied under this ASM policy.
So you have much varites :
> bypassing asm policy for specific url ( using irule , LTM policy )
> disablie ( learn , alarm , block ) for that violation.
> increasing request buffer size ( but this needs to monitor your system resources specially your memory consumption.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com