How to setup the get and post data length for a specific URL under one ASM rule

The ASM is intended to protect your local web application from attackers, and it is expected that you will have a custom ASM policy for each web application. As such it is expected that you will have rules that match the requests being generated against each web application. Having said all that, the ASM isn't going to do you much good in terms of scanning uploaded images (it's not an antivirus server) and it is probably better to configure the ASM not to scan the images you are uploading. You can either configure this for the specific URL you are uploading to or by disabling ASM using local traffic policies if traffic matches this exact use case.

To configure this by URL go to advanced under the URL in question and configure a header based content profile with an action of Do Nothing.