Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM: How to expand length limits for select URLs?

I have an ASM policy where I've left the Request Length and POST Data Length at the defaults (5000/1000). This is fine for 99.9% of the site, but I do have a /fileUpload URL which is expected to exceed these limits every time it's used. The parameter named 'file' is used to upload documents and images, so I've created a 'file' parameter which has unlimited length:

file parameter

However, file uploads still trigger Illegal POST data length and Illegal request length violations - increasing the limit for that parameter doesn't help because the overall request still violates those restrictions.

large upload

How can I increase the Request and POST data lengths for just this URL? I only need large uploads on this one URL, but I don't want to loosen the restrictions over the rest of the site to allow it.

Update

Here are two example violations, the first from a Production system in Transparent mode, the second from a Development system in Blocking mode. The Development policy was exported and then imported into the Production device, and upon re-export they're essentially equivalent except insofar as the signature bases differ between the two systems.

Here's the Transparent system with a .tiff file, HTTP Content-Length is 227323 bytes:

200k Upload in Transparent

Here's the Blocking system with a .tiff file, HTTP Content-Length is 11934876 bytes:

large upload in Blocking

I can't even seem to trigger the same violations on my Development box, and can only trigger by going with a much larger file. It's a little distressing.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

When you click on either of the violations what do they say? (can you post here)

The post/query length relate to file types that you have accepted. Is there one you can associate/create for this upload?

If you uncheck the 'block' button for the 2 violations and leave learn/alarm buttons checks on, how many violations does it pick up on? (are length violations a serious concern for your web app you are trying to protect?)

0
Comments on this Answer
Comment made 12-Jun-2015 by Greg 248
I've updated the initial post with click-throughs on all the details on two different systems; hopefully those details will shed some light. The F5 determines that these are "no_ext", even though the file upload was .tiff in both cases. I will try creating a .tiff extension and seeing if I can then exempt these uploads from the size restrictions that way. This ASM policy has been in Transparent mode on our Production site for 48 hours; in that time it would have blocked 415 uploads as a result of this issue. There is one URL that is used to upload files; all other forms across the site have much smaller input (e.g., the login form is only going to take a few dozen characters as input). It is reasonable to want to limit length on the vast majority of the site, but to allow greater lengths on an upload form - the length restrictions wouldn't exist if there wasn't a basic security value on the average form. I appreciate your help!
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Let know how it goes with creating the .tiff extension if not create a file type of 'no_ext' and apply the right thresholds against it if ASM cant detect the explicit file types. (if you are open to this)

Below link has a reference about this file type: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-4-0/asm_security_policy.html#1037023

0