For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ehtesh_26506's avatar
ehtesh_26506
Icon for Nimbostratus rankNimbostratus
Sep 22, 2013

Request Length exceeds defined buffer size

Hi all   i need to know , the significance of this alert . how the mechanism works , is it that user sends large file the ASM starts storing files ..and when file size grows out of size (defa...
security
David_Stout's avatar
David_Stout
Icon for Nimbostratus rankNimbostratus
Oct 07, 2013

The ASM has a default max buffer size of 10MB for fileuploads but it can be globally changed to a maximum of 20MB. If you need to upload files larger than that I would recommend using an iRule to bypass the ASM for known upload URIs or pages only. Its also possible to bypass the ASM for PUT and POST HTTP methods but that's a decision you need to make to trade off security for functionality.

 

With regards the buffer length issue ...

 

Navigate to Application Security --> File Types : Allowed File Types

 

If you are uploading a .DOC file for example ... look for the file extension there and check the request length. Sometimes it can show a figure of 100 for the request length but the ASM triggers a block / logging entry stating the request length is too long. Change the request length under allowed file types to cater for the longer HTTP request being used for that file. Repeat for each file type where this issue occurs.

 

Hope that helps a little.