F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Jun 26, 2019

Unparsable request content - which security tradeoff ?

Hello all,   I am facing a violation for URL length exceeding the default ASM (2048) value. Options to deal with this seems to be : increasing the whole system variable value of 2048 Disable ...
application delivery
ASM Advanced WAF
BIG-IP
security
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jun 26, 2019

There could be a third option,i.e. fix the application and make it use the POST method.

  • Aurel's avatar
    Aurel
    Icon for Cirrus rankCirrus
    Jun 26, 2019

    Hi JG, Absolutely. I talked to the app team before, and this behaviour would be consequence of mini applications inside the application page. I will make them aware of the security issue that this implies.

     

    • santoshmashetti's avatar
      santoshmashetti
      Icon for Nimbostratus rankNimbostratus
      Jan 31, 2024

      Hi Aurel,JG

      This is Santosh.

      I am new to F5, I am also facing the same issue. I can ask the application team to make it as a post method. But my question is in details of this violation it is showing "URL length: 3610 exceeded maximum limit of: 3096". I am bit curious how this 3610 is been calculated. I tried to match this 3610 with the request URI but is no where matching. actually there is very big query string content which is more number of bytes than 3096. Can you help me to understand how it will be calculated.

       

      Thanks in advance,
      Santosh. M