Forum Discussion

Nimbostratus

Jun 16, 2020

Irule to make HTTP request size compliant with header

Hello, I need to implement in F5 is a possibility to reject an HTTP request in case the size of the request is not corresponding to the Content-Length of the header. I cannot use ASM for ...

Employee

Jun 20, 2020

what you are trying to do will work with GET but you may wish to consider POST, where you will have to use HTTP::collect and use HTTP::payload length.

For use with GET, you can simply use string length:

when HTTP_REQUEST {
  if { [expr {  [string length [HTTP::request]] eq ne expr [HTTP::header "Content-Length"]} {
    reject
  }
 }

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Irule to make HTTP request size compliant with header

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

NGINX Plus R35 for Federal Environments: FIPS-Compliant algorithms with ACME Certificates in AWS

A basic OWASP 2017 Top 10-compliant declarative WAF policy

Routing HTTP by request headers

Example OWASP Top 10-compliant declarative WAF policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS