
ehtesh_26506
Sep 22, 2013

Request Length exceeds defined buffer size

Hi all

 

I need to know the significance of this alert and how the mechanism works. Is it that the user sends a large file, the ASM starts storing it, and when the file grows beyond the size limit (default is 10 MB) the ASM starts dropping it?

 

Or is the size of the file already present in the HTTP header?

 

If it is the first case, then I have to consider it seriously, as it consumes resources. If it is the second case, then since the device knows what is coming is out of policy, and hence drops it and gives an alert, that is OK.

 

This is OWA access.

 

Thirdly, I want to ask if ASM can give me a report saying: this is the attacker IP, this is the URL, etc.

 

Lastly, the notification said this is an HTTP 0 request.

 

2 Replies

  • The ASM has a default max buffer size of 10MB for file uploads but it can be globally changed to a maximum of 20MB. If you need to upload files larger than that I would recommend using an iRule to bypass the ASM for known upload URIs or pages only. It's also possible to bypass the ASM for PUT and POST HTTP methods but that's a decision you need to make to trade off security for functionality.

     

    With regard to the buffer length issue ...

     

    Navigate to Application Security --> File Types : Allowed File Types

     

    If you are uploading a .DOC file for example ... look for the file extension there and check the request length. Sometimes it can show a figure of 100 for the request length but the ASM triggers a block / logging entry stating the request length is too long. Change the request length under allowed file types to cater for the longer HTTP request being used for that file. Repeat for each file type where this issue occurs.

     

    Hope that helps a little.
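
The targeted bypass suggested in this reply, sketched as an iRule (an added example, not code from the original post). The upload paths and the size ceiling are placeholders assumed for illustration; every bypassed request is logged so it stays visible in review, and anything that does not match stays under ASM inspection.

```tcl
when HTTP_REQUEST {
    # Hypothetical upload endpoints: replace with the application's real ones.
    set upload_paths { "/app/upload" "/app/attachments/add" }
    # Assumed ceiling for bypassed uploads, in bytes (50 MB, constructed value).
    set max_bypass_len 52428800

    set path [string tolower [HTTP::path]]
    set len  [HTTP::header value "Content-Length"]

    # Only exact, known upload paths qualify, and only for POST.
    if { [HTTP::method] eq "POST" && [lsearch -exact $upload_paths $path] >= 0 } {
        # Require a numeric Content-Length within the ceiling, so a request
        # with a missing or oversized length is not waved through.
        if { [string is integer -strict $len] && $len <= $max_bypass_len } {
            ASM::disable
            log local0.info "ASM bypass: client=[IP::client_addr] path=$path len=$len"
        } else {
            # ASM stays enabled and applies the policy's request length limit.
            log local0.warn "ASM bypass refused: client=[IP::client_addr] path=$path len=$len"
        }
    }
}
```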

     

  • Thirdly, I want to ask if ASM can give me a report saying: this is the attacker IP, this is the URL, etc.

     

    Try Security --> Event Logs

     

    It gives you all required details, provided you have enabled illegal request logging. You can also use filters to narrow down to a particular type of violation.