Forum Discussion
Unparsable request content - which security tradeoff ?
Hello all,
I am facing a violation for URL length exceeding the default ASM (2048) value.
Options to deal with this seem to be:
- increasing the whole system variable value of 2048
- disabling the HTTP compliance check "Unparsable request content", which implies removal of several other HTTP checks for the whole policy
- disabling ASM for the specified URI
What do you think would be the best security tradeoff?
Having no ASM at all for a URI, or releasing some HTTP checks on the whole policy? Or increasing the default system value and then increasing ASM load?
Thanks a lot for any thoughts.
Hi Aurel and santoshmashetti,
The best security tradeoff is to define these URI(s) in ASM Microservices and disable the HTTP compliance check under those URIs only.
Look here for more details:
Doing this narrows the attack surface for your device and provides an optimal tradeoff for your policy.
But make sure this length is valid, i.e. that the violation is a false positive. Thanks
- JG (Cumulonimbus)
There could be a third option, i.e. fix the application and make it use the POST method.
- Aurel (Cirrus)
Hi JG, absolutely. I talked to the app team before, and this behaviour would be a consequence of mini applications inside the application page. I will make them aware of the security issue that this implies.
- santoshmashetti (Nimbostratus)
Hi Aurel, JG,
This is Santosh.
I am new to F5, and I am also facing the same issue. I can ask the application team to make it a POST method. But my question is: in the details of this violation it is showing "URL length: 3610 exceeded maximum limit of: 3096". I am a bit curious how this 3610 has been calculated. I tried to match this 3610 with the request URI but it is nowhere matching. Actually there is a very big query string, which is more bytes than 3096. Can you help me understand how it is calculated?
Thanks in advance,
Santosh. M
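To make the length question concrete, here is an added example (my own code, not from the thread, not F5's implementation and not F5 documentation). It assumes that a URL-length check counts the request-target of the request line, i.e. path plus query string, in bytes as sent on the wire (percent-encoded). The request line and the limits 2048 and 3096 are taken from the thread; the helper names and the sample request are constructed for illustration.

```python
"""Estimate the URL length a WAF URL-length check would compare against its limit.

Assumption (mine, not F5 documentation): the measured length is the
request-target of the request line (path + '?' + query string), counted
in bytes in its percent-encoded, on-the-wire form.
"""
from typing import Dict, Optional
from urllib.parse import unquote, urlencode, urlsplit

DEFAULT_MAX_URL_LENGTH = 2048   # system default quoted in the original post
POLICY_MAX_URL_LENGTH = 3096    # limit quoted in the violation text


def request_target_length(request_line: str) -> int:
    """Return the byte length of the request-target in an HTTP request line."""
    _method, target, _version = request_line.split(" ", 2)
    return len(target.encode("utf-8"))


def split_lengths(request_line: str) -> Dict[str, int]:
    """Break the request-target into path and query byte lengths.

    Useful when the path alone looks short: the query string usually
    carries most of the length.
    """
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    return {
        "path": len(parts.path.encode("utf-8")),
        "query": len(parts.query.encode("utf-8")),
        "total": request_target_length(request_line),
    }


def encoded_vs_decoded(target: str) -> Dict[str, int]:
    """Compare on-the-wire (percent-encoded) bytes with the decoded text length.

    A browser address bar often shows the decoded form, so a request that
    looks shorter than the limit there can still exceed it on the wire.
    """
    return {
        "encoded_bytes": len(target.encode("utf-8")),
        "decoded_chars": len(unquote(target)),
    }


def check_url_length(request_line: str, limit: int) -> Optional[str]:
    """Return a violation message shaped like the one in the thread, or None."""
    total = request_target_length(request_line)
    if total > limit:
        return f"URL length: {total} exceeded maximum limit of: {limit}"
    return None


def build_sample_request_line(n_params: int) -> str:
    """Construct a GET with a long query string (constructed sample, not real traffic)."""
    params = {f"filter{i}": "x" * 40 for i in range(n_params)}
    return f"GET /app/page.aspx?{urlencode(params)} HTTP/1.1"


if __name__ == "__main__":
    line = build_sample_request_line(70)
    print(split_lengths(line))
    print(check_url_length(line, POLICY_MAX_URL_LENGTH))
    print(encoded_vs_decoded("/p?q=%C3%A9"))
```

Running it against a request with a short path but a long query string shows the total crossing the limit even though the path is only a few bytes, and `encoded_vs_decoded` shows why matching the number against a decoded URL copied from a browser fails: every non-ASCII or reserved character costs three bytes on the wire.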