PeopleSoft ASM policy and Max URI Length
Hi there ASMers. We've run into what I hope is not a unique situation. We've had a rapid deployment policy running in transparent mode sitting in front of our PeopleSoft/PeopleTools instance, and we seem to be hitting a wall on one issue in particular. Every now and then, we flag a level 5 violation which ASM classifies as an "HTTP Parser Attack". The reasoning is that the URI length exceeds the global ASM default value of 2048. I'm loathe to increase the global limit just to satisfy this one virtual, as we're hosting over 500. Conventional wisdom seems to suggest that 2048 is a good limit, so I'm wondering - where do other people come in? Has anyone else had to change the global limit for this? We are running PeopleSoft pretty much straight out of the box, no customizations other than also running the Grey Heller app firewall.
For what it's worth, F5 has an RFE for raising this limit on a per-virtual basis, but as things stand now, it impacts all of ASM.
Best regards, mjb