Nimbostratus
I may not understand correctly, so correct me if I'm out in left field. Is your Object created exactly as "/https://secure.stinson.com/bds/Loginsubmit.do" ? Unless the URL in the browser (when browsing to this) is https://secure.stinson.com/bds/Loginsubmit.do/https://secure.stinson.com/bds/Loginsubmit.do, then this contains a bit too much of the path. Presuming that when a you browse to this page, the URL in the address bar looks like this: "https://secure.stinson.com/bds/Loginsubmit.do" then your object should be "/bds/Loginsubmit.do"
If this is the case, that is probably why you see a global parameter matched, since the more specific Object/Parameter did not match.
Also, the 'Request Length' and 'Object Length' are settings for Object Types, i.e. ".asp", ".php", ".html" rather than for individual objects. The next time one of these violations occurs, investigate it in the 'Policy Building -> Manual' section. As hoolio suggests, that should clarify where the changes are being made.
Cheers!
// Ben
