Forum Discussion

tiwang_122270
Oct 03, 2013

How to tell ASM that a POST is valid?

Hi out there. We have a webserver which is accessed through an F5 with LTM, APM & ASM. A function has now been implemented where the customer can upload a file from their PC to the site. This also works more or less fine, but the ASM module is blocking the session because the POST is recognized as a buffer overflow attack. When I look at the session, the ASM module says:

File Type: asp
Detected Request Length: 1577565
Expected Request Length: 100000

and for the POST:

File Type: asp
Detected POST Data Length: 1576349
Expected POST Data Length: 100000


I wonder why the request and the POST lengths aren't equal, but anyway: I can of course just increase the permitted lengths there from 100.000 to 2.000.000 (probably), but since we are talking about jpg files here they might become even bigger. What would be the correct way to handle this problem?


best regards /ti


4 Replies

  • The Expected Request Length value is the length of the entire request, headers, request line and POST data included. The POST data length is just the payload of the request, so it should be slightly smaller.


    You basically have two choices: monitor the length of requests and risk that valid requests will be blocked if they are out of range, or stop qualifying requests on the basis of length, and risk buffer overflow attacks.


    You can enable learning on the Illegal POST Data Length and Illegal Request Length violations, examine requests that trigger these violations and then decide if there really is a case for relaxing the length restrictions, but you might block valid requests as part of the learning process.


    Hope that helps.

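The two figures Rob distinguishes above are easy to reproduce from a raw request, which also makes the trade-off he describes concrete. The following is an added example, not F5 code and not from this thread: it splits a raw HTTP/1.1 POST into header block and body, reports the whole-request length and the body-only length, and evaluates both against configured limits, with a per-path override as the kind of relaxation the thread is asking about. The `/upload.asp` path, the `example.invalid` host and the request bytes are constructed for the illustration; the 100000 default mirrors the limit quoted in the question.

```python
# Added example (not F5 ASM code): reproduce the "request length" and
# "POST data length" figures for a raw HTTP request and check them against
# length limits, with an optional per-path override.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def split_request(raw: bytes) -> Tuple[bytes, bytes]:
    """Split a raw request into (request line + headers + blank line, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed request: header block not terminated")
    return head + sep, body


def measure(raw: bytes) -> Tuple[int, int]:
    """Return (request_length, post_data_length).

    request_length counts the request line, every header and the body;
    post_data_length counts the body alone, so it is always the smaller value.
    """
    head, body = split_request(raw)
    return len(head) + len(body), len(body)


def declared_content_length(raw: bytes) -> Optional[int]:
    """Parse the Content-Length header, or None if the request has none."""
    head, _ = split_request(raw)
    for line in head.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return None


def request_path(raw: bytes) -> str:
    """Extract the request-target from the request line (e.g. '/upload.asp')."""
    request_line = raw.split(b"\r\n", 1)[0]
    return request_line.split(b" ")[1].decode("ascii")


@dataclass(frozen=True)
class LengthPolicy:
    max_request_length: int
    max_post_data_length: int


def check(raw: bytes, default: LengthPolicy,
          per_path: Optional[Dict[str, LengthPolicy]] = None) -> List[str]:
    """Return the length violations for one request.

    The per_path mapping is an assumed construct: it lets a known upload
    URL carry higher limits while every other path keeps the default.
    A mismatch between the declared and actual body length is reported too,
    since that is the kind of inconsistency a length check should not ignore.
    """
    policy = (per_path or {}).get(request_path(raw), default)
    req_len, post_len = measure(raw)
    violations: List[str] = []
    if req_len > policy.max_request_length:
        violations.append(
            f"Illegal Request Length: {req_len} > {policy.max_request_length}")
    if post_len > policy.max_post_data_length:
        violations.append(
            f"Illegal POST Data Length: {post_len} > {policy.max_post_data_length}")
    declared = declared_content_length(raw)
    if declared is not None and declared != post_len:
        violations.append(
            f"Content-Length mismatch: header says {declared}, body is {post_len}")
    return violations


def build_upload(path: str, body_size: int) -> bytes:
    """Build a constructed POST whose body is body_size bytes (stand-in for a JPEG)."""
    body = b"A" * body_size
    head = (f"POST {path} HTTP/1.1\r\n"
            "Host: example.invalid\r\n"
            "Content-Type: application/octet-stream\r\n"
            f"Content-Length: {body_size}\r\n\r\n").encode("ascii")
    return head + body


# Default limits as quoted in the question; the upload path override is assumed.
DEFAULT = LengthPolicy(100_000, 100_000)
UPLOAD_ONLY = {"/upload.asp": LengthPolicy(2_000_000, 2_000_000)}

if __name__ == "__main__":
    upload = build_upload("/upload.asp", 150_000)
    print("request/body lengths:", measure(upload))
    print("default policy:", check(upload, DEFAULT))
    print("with upload override:", check(upload, DEFAULT, UPLOAD_ONLY))
```

Running it shows the request length exceeding the body length by exactly the size of the header block, which is why the two figures in the question differ; the override keeps the relaxed limits confined to the upload path rather than raising them site-wide.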

  • tiwang

Hi Rob. This learning often ends up with the opposite of what I want; do you have some tricks there? Can I teach the ASM module that in this path the POST and request lengths need not be verified?


    best regards /ti


  • tiwang

Hi again out there. I really need help. I had expected that I could get into that particular signature and increase the POST and request length to a size which would be enough, but can someone tell me where to find this? It is pretty urgent for me right now.


    best regards /ti