smp_86112
Jan 16, 2009Cirrostratus
POST data length error
As I was reading the definition of "POST data length error" in the ASM config guide, I started thinking about how ASM actually calculates the length of POST data. I was hoping someone could elaborate.
What I'm wondering to myself is if ASM has to buffer the entire HTTP POST before calculating how large it is? And if that's the case, I wonder what effect that might have on HTTP applications where large client uploads are normal, or from a TCP perspective? I can't imagine ASM blindly compares the Content-Length header against the security policy.
Would appreciate any thoughts. Thanks.