For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rahul_More's avatar
Rahul_More
Icon for Cirrus rankCirrus
Nov 11, 2020

"Illegal parameter value length" events when parameter is already at that value

Hi, The security policy is in transparent mode and when I enable block mode for site. The "Illegal parameter value length" logs are appearing in events request and the requested page is getting bloc...
application delivery
ASM Advanced WAF
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Nov 11, 2020

Try adding the parameter, explicitly by name, to the security policy. Ensure that the byte length attribute for the parameter is configured for the appropriate maximum length. You can also try changing the value of the parameter wildcard to "Any" which will also prevent the violation but can leave you vulnerable to buffer overflow attempts or other byte-length related attacks. If you already have all the parameters added to the policy, and you know there won't be any additional parameters in the future, you can remove the wildcard. Don't forget to click both Save and Apply Policy options when you make your changes.