For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_DeLaune_2's avatar
David_DeLaune_2
Icon for Nimbostratus rankNimbostratus
May 25, 2007

Modifying Request Content Without Client Sending All Content

Newbie question...   We are attempting to abort large HTTP single file uploads (> 30MB) without the client sending all of the content (having the client wait for all the bits to be sent) by looking...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 28, 2007
Does the client always set the content-length header in the request when doing an HTTP upload? If so, you could use something like this:

 

 


when HTTP_REQUEST {
   if {[HTTP::method]=="POST" and [HTTP::header exists "Content-Length"] and [HTTP::header value Content-Length] > 30000000}{
      HTTP::respond 413 content "request size too large"
   }
}

 

 

This rule will trigger when BIG-IP parses the HTTP request headers, but before any data is sent by the client. The rule will look for POST requests with a Content-Length header whose value is set to greater than 30M bytes and respond with an HTTP 413 code and content of "request size too large". No request will be sent to the web server in the pool for such requests.

 

 

Aaron