Forum Discussion
NikhilB
Employee
When you click on either of the violations what do they say? (can you post here)
The post/query length relate to file types that you have accepted. Is there one you can associate/create for this upload?
If you uncheck the 'block' button for the 2 violations and leave learn/alarm buttons checks on, how many violations does it pick up on? (are length violations a serious concern for your web app you are trying to protect?)
gowenfawr
Jun 12, 2015Nimbostratus
I've updated the initial post with click-throughs on all the details on two different systems; hopefully those details will shed some light.
The F5 determines that these are "no_ext", even though the file upload was .tiff in both cases. I will try creating a .tiff extension and seeing if I can then exempt these uploads from the size restrictions that way.
This ASM policy has been in Transparent mode on our Production site for 48 hours; in that time it would have blocked 415 uploads as a result of this issue. There is one URL that is used to upload files; all other forms across the site have much smaller input (e.g., the login form is only going to take a few dozen characters as input). It is reasonable to want to limit length on the vast majority of the site, but to allow greater lengths on an upload form - the length restrictions wouldn't exist if there wasn't a basic security value on the average form.
I appreciate your help!