POST data length error

Question

As I was reading the definition of "POST data length error" in the ASM config guide, I started thinking about how ASM actually calculates the length of POST data. I was hoping someone could elaborate. 
&nbsp;  
&nbsp; What I'm wondering to myself is if ASM has to buffer the entire HTTP POST before calculating how large it is? And if that's the case, I wonder what effect that might have on HTTP applications where large client uploads are normal, or from a TCP perspective? I can't imagine ASM blindly compares the Content-Length header against the security policy. 
&nbsp;  
&nbsp; Would appreciate any thoughts. Thanks.

hooleylist · Answer

Maybe Ido or someone else with more technical info on ASM could answer.  But in the meantime, I think ASM does buffer the entire payload in order to validate the data.   
&nbsp;  
&nbsp; You could test your second question by using an interception proxy to modify the Content-Length header value on a POST request.  I also assume it doesn't use the header value to validate the payload length. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

POST data length error

1 Reply

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

SSL length key

Insufficient permissions BIG-IQ login error

HTTP POST redirect preserving POST data

Large payload post requests aren't responding

Post-Breach Analysis: Sophistication and Visibility