Forum Discussion

Vladimir_Shishk's avatar
Vladimir_Shishk
Icon for Altocumulus rankAltocumulus
Jun 22, 2021

Transfer file 30M+ with enabled ASM

Hello.

I have a ASM enabled SSL-site. I need to transfer files via HTTP PUT with size more than long_request_buffer_size (default 10M, maximum 30Mb).

I tried to use an iRule script to stop ASM processing but nothing happened, large files are not transfered.

What should I do?

Thank you.

when HTTP_REQUEST {
if {[HTTP::method] equals "PUT" } {
ASM::disable
log local0. "ASM disabled for upload directory for [IP::client_addr]."
} 
else {
ASM::enable SSSSSSSS
log local0. "ASM enabled. Current ASM policy is [ASM::policy]"
}
}
  • Have you read https://support.f5.com/csp/article/K01235989 and followed "Disable large file processing by the BIG-IP ASM" ? This was the ASM will still check the first 10KB but will not block big files.

     

     

    Also do you have security logging profile under the ASM to see that you are blocked by the ASM and do you still see the error messages in /var/log/asm that the file is bigger than the buffer? This "ASM::disable" is not great because you may bypass your security for real attacks also maybe the files are matched with "POST" and you dont trigger the irule? Do you see that the traffic is matching the iRule in the /var/log/ltm?

     

     

    https://support.f5.com/csp/article/K37655278