Question
- What is "Request length exceeds defined buffer size" WAF violation?
- What is the buffer length for BIG-IP ASM?
Environment
- Silverline WAF
- Policy/Policies
- Module/Attack Signature
Answer
- The default maximum size for a BIG-IP ASM buffer is 10 MB or 10000000 bytes (it can't be changed).
- Whenever a request exceeds the buffer_size, the BIG-IP ASM triggers a "Request length exceeds defined buffer size" violation. A request will be blocked if this module is set to 'Blocking' or Alerted if the policy is in 'Transparent'.
- The only option available to tune this particular violation is to switch off this module.
-
We can disable on spacific URI by creating separate policy - it's possible to create up to 5 policies on one proxy. But it will be needed to remember about updating multiple policies in case additional tunings.
- Contact SOC / Contact Silverline Support if you want to tune the policy or want the SOC to perform an assessment for the policy/module.
Related Content
- Q&A: What is the file size limitation on WAF requests?
- https://support.f5.com/csp/article/K01235989
- WAF Setup: Blocking Phases
- How to Create WAF Violation Assessments