Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

WAF Request length exceeds defined buffer size

Hi All,

We are seeing support ID while uploading a file with file type as no extension (no_ext).

So we have created a custom File Type in Allowed File Types, details

no_ext, Request Length is 30MB and POST DATA LENGHT is also 30 MB.

But we still see WAF ID for the following error: 'Request length exceeds defined buffer size', which points to long_request_buffer_size which is set to 10MB.

My question is

  1. Why WAF ID comes for 'Request length exceeds defined buffer size' when I have increased the Request Length to 30 MB for the file type: 'no_ext' ?

  2. Does internal parameter 'long_request_buffer_size' takes precedence over the defined Request Length for no_ext File type?

Any suggestions would be very helpful.

Thanks, Ayush

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Have a look at this solution:

https://support.f5.com/csp/article/K01235989

One limit is specific to that file type, while the other is to whole ASM. So it does not matter which one is checked first, but the file has to be smaller than both sizes.

1
Comments on this Answer
Comment made 4 months ago by Ayush Gupta 62

Hi Leonardo,

  1. Could you please explain what does 'buffer' means in 'long_request_buffer_size'? Does it mean the extra buffer memory when the normal memory is full?

  2. For the file type: 'no_ext' the Request Length is set to 30 MB, but I still see the WAF for 'long_request_buffer_size' (internal parameter) which is set to 10 MB. The WAF basically tells that the we can't go beyond 10 MB.

  3. What does the 'Request Length' mean and its significance for file type: 'no_ext'?

Thanks, Ayush

1
Comment made 4 months ago by Leonardo Souza 3121

I can see that youssef has provided the answers.

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

First of don't forget that increasing the long_request_buffer_size parameter value will increase the allowed size of all requests processed by the BIG-IP ASM system.

More changing the long_request_buffer_size parameter value requires that you restart the BIG-IP ASM service, resulting in a brief traffic disruption. Did you do that?

https://support.f5.com/csp/article/K7935

Keep me in touch. regards,

0
Comments on this Answer
Comment made 4 months ago by Ayush Gupta 62

Hi Youssef,

I have not increased the value of: 'long_request_buffer_size'. It is the default value which is 10 MB. But I did increase the 'Request Lenght' to 30 MB for file type: 'no_ext' only.

But I still see the WAF pointing to : 'Request length exceeds defined buffer size' which is set to 10 MB.

I am not able to understand why the internal parameter 'long_request_buffer_size' is taking precedence if I have already increased the 'Request Length' to 30 MB for file type 'no_ext'.

0
Comment made 4 months ago by youssef 3465

You have to keep in mind that when a request exceeding the long_request_buffer_size, ASM Generates a violation and stops processing request. This behaviour avoid resource consumption as the ASM buffers the larger requests in memory.

So tu sump up no matter what you set on 'Request Length' if you exceed the configured limit in 'long_request_buffer_size' the request will be blocked.

But if you set 'long_request_buffer_size' at 15M and 'Request Length' at 12M and your request size is 13, you will be blocked by 'Request Length' rules...

Hope it's clear, keep me update. regards

1
Comment made 4 months ago by Ayush Gupta 62

Yes indeed :)

Thanks and regards, Ayush

0
Comment made 4 months ago by Ayush Gupta 62

Could you please explain what does 'buffer' means in 'long_request_buffer_size'? Does it mean the extra buffer memory when the normal memory is full?

0
Comment made 4 months ago by youssef 3465

First of you have to clearly understand what is a buffer (simple definition): limited-size memory area used to store data (usually temporarily). We use buffers for file access, but also for the network and for storing a lot of other information.

Buffer overflow, it is the fact to enter too much data in the buffer, causing a writing in a zone memory out of the buffer (-> from where the exploits, virus ...).

So to do easy, buffer in 'long_request_buffer_size' means an allocate memory zone for each request.

So for each request you have 10 Mb (by default) of allocated memory (buffer). in order to avoid resource consumption as the ASM buffers the larger requests in memory.

If this response suits you don't forget to validate my response. Regards

0
Comment made 4 months ago by Ayush Gupta 62
  1. So all the VIPs that are related with a ASM policy, will have a dedicated 10 MB 'long_request_buffer_size' respectively or all the VIPs will access one dedicated 10 MB memory?

  2. So there is no other memory being used other then 'long_request_buffer_size' to store incoming requests?

0
Comment made 4 months ago by youssef 3465
  1. dont' take in account VIP, we are takling about request. So each user request that are related with a ASM policy will have a dedicated 10 MB 'long_request_buffer_size' (all the VIPs will access one dedicated 10 MB memory are wrong) otherwise we would be quickly saturated, each request has 10MB of buffer.

  2. we are talking about the size of the buffer that is processed by the ASM. of course if you do not use the ASM you do not have this constraint. But as specified below, asn can manage only 10 at 30 MB for each request in order to avoid resource consumption as the ASM buffers the larger requests in memory.

Let me now if you need more info...

0
Comment made 4 months ago by Ayush Gupta 62

Thanks a lot Youssef :) I really appreciate your help.

This is what I understood: 'For a VIP that is associated with a ASM policy would have 10 MB of 'long_request_buffer_size' by default for all incoming requests. So only this memory is used to process incoming requests.'

I did not get 'But as specified below, asm can manage only 10 at 30 MB for each request in order to avoid resource consumption as the ASM buffers the larger requests in memory.' Could you please explain giving an example?

Lets say if there was no ASM policy associated with that VIP, then

  1. We never would have faced this issue right (long_request_buffer_size)?
  2. How BIG-IP would handle that POST request then? Could you please explain in terms of memory?
0